aws-sdk-qldb 1.10.0 → 1.15.0

data/lib/aws-sdk-qldb/client_api.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -90,6 +90,8 @@ module Aws::QLDB
     UniqueId = Shapes::StringShape.new(name: 'UniqueId')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
+    UpdateLedgerPermissionsModeRequest = Shapes::StructureShape.new(name: 'UpdateLedgerPermissionsModeRequest')
+    UpdateLedgerPermissionsModeResponse = Shapes::StructureShape.new(name: 'UpdateLedgerPermissionsModeResponse')
     UpdateLedgerRequest = Shapes::StructureShape.new(name: 'UpdateLedgerRequest')
     UpdateLedgerResponse = Shapes::StructureShape.new(name: 'UpdateLedgerResponse')
     ValueHolder = Shapes::StructureShape.new(name: 'ValueHolder')
@@ -111,6 +113,7 @@ module Aws::QLDB
     CreateLedgerResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
     CreateLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
     CreateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
+    CreateLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
     CreateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
     CreateLedgerResponse.struct_class = Types::CreateLedgerResponse
 
@@ -138,6 +141,7 @@ module Aws::QLDB
     DescribeLedgerResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
     DescribeLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
     DescribeLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
+    DescribeLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
     DescribeLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
     DescribeLedgerResponse.struct_class = Types::DescribeLedgerResponse
 
@@ -321,6 +325,15 @@ module Aws::QLDB
 
     UntagResourceResponse.struct_class = Types::UntagResourceResponse
 
+    UpdateLedgerPermissionsModeRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
+    UpdateLedgerPermissionsModeRequest.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, required: true, location_name: "PermissionsMode"))
+    UpdateLedgerPermissionsModeRequest.struct_class = Types::UpdateLedgerPermissionsModeRequest
+
+    UpdateLedgerPermissionsModeResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
+    UpdateLedgerPermissionsModeResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
+    UpdateLedgerPermissionsModeResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
+    UpdateLedgerPermissionsModeResponse.struct_class = Types::UpdateLedgerPermissionsModeResponse
+
     UpdateLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
     UpdateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
     UpdateLedgerRequest.struct_class = Types::UpdateLedgerRequest
@@ -571,6 +584,16 @@ module Aws::QLDB
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
+
+      api.add_operation(:update_ledger_permissions_mode, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateLedgerPermissionsMode"
+        o.http_method = "PATCH"
+        o.http_request_uri = "/ledgers/{name}/permissions-mode"
+        o.input = Shapes::ShapeRef.new(shape: UpdateLedgerPermissionsModeRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateLedgerPermissionsModeResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
     end
 
   end

data/lib/aws-sdk-qldb/errors.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-qldb/resource.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-qldb/types.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -23,7 +23,8 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) of the QLDB journal
+    #   stream to be canceled.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CancelJournalKinesisStreamRequest AWS API Documentation
@@ -36,7 +37,7 @@ module Aws::QLDB
     end
 
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (Base62-encoded text) of the canceled QLDB journal stream.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CancelJournalKinesisStreamResponse AWS API Documentation
@@ -55,7 +56,7 @@ module Aws::QLDB
     #         tags: {
     #           "TagKey" => "TagValue",
     #         },
-    #         permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL
+    #         permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
     #         deletion_protection: false,
     #       }
     #
@@ -79,7 +80,37 @@ module Aws::QLDB
     #
     # @!attribute [rw] permissions_mode
     #   The permissions mode to assign to the ledger that you want to
-    #   create.
+    #   create. This parameter can have one of the following values:
+    #
+    #   * `ALLOW_ALL`\: A legacy permissions mode that enables access
+    #     control with API-level granularity for ledgers.
+    #
+    #     This mode allows users who have the `SendCommand` API permission
+    #     for this ledger to run all PartiQL commands (hence, `ALLOW_ALL`)
+    #     on any tables in the specified ledger. This mode disregards any
+    #     table-level or command-level IAM permissions policies that you
+    #     create for the ledger.
+    #
+    #   * `STANDARD`\: (*Recommended*) A permissions mode that enables
+    #     access control with finer granularity for ledgers, tables, and
+    #     PartiQL commands.
+    #
+    #     By default, this mode denies all user requests to run any PartiQL
+    #     commands on any tables in this ledger. To allow PartiQL commands
+    #     to run, you must create IAM permissions policies for specific
+    #     table resources and PartiQL actions, in addition to the
+    #     `SendCommand` API permission for the ledger. For information, see
+    #     [Getting started with the standard permissions mode][1] in the
+    #     *Amazon QLDB Developer Guide*.
+    #
+    #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
+    #   maximize the security of your ledger data.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
     #   @return [String]
     #
     # @!attribute [rw] deletion_protection
@@ -88,11 +119,8 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerRequest AWS API Documentation
@@ -124,17 +152,18 @@ module Aws::QLDB
     #   12:00:00 AM January 1, 1970 UTC.)
     #   @return [Time]
     #
+    # @!attribute [rw] permissions_mode
+    #   The permissions mode of the ledger that you created.
+    #   @return [String]
+    #
     # @!attribute [rw] deletion_protection
     #   The flag that prevents a ledger from being deleted by any user. If
     #   not provided on ledger creation, this feature is enabled (`true`) by
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerResponse AWS API Documentation
@@ -144,6 +173,7 @@ module Aws::QLDB
       :arn,
       :state,
       :creation_date_time,
+      :permissions_mode,
       :deletion_protection)
       SENSITIVE = []
       include Aws::Structure
@@ -181,7 +211,8 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) of the QLDB journal
+    #   stream to describe.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeJournalKinesisStreamRequest AWS API Documentation
@@ -219,7 +250,8 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] export_id
-    #   The unique ID of the journal export job that you want to describe.
+    #   The UUID (represented in Base62-encoded text) of the journal export
+    #   job to describe.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeJournalS3ExportRequest AWS API Documentation
@@ -281,17 +313,18 @@ module Aws::QLDB
     #   12:00:00 AM January 1, 1970 UTC.)
     #   @return [Time]
     #
+    # @!attribute [rw] permissions_mode
+    #   The permissions mode of the ledger.
+    #   @return [String]
+    #
     # @!attribute [rw] deletion_protection
     #   The flag that prevents a ledger from being deleted by any user. If
     #   not provided on ledger creation, this feature is enabled (`true`) by
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeLedgerResponse AWS API Documentation
@@ -301,6 +334,7 @@ module Aws::QLDB
       :arn,
       :state,
       :creation_date_time,
+      :permissions_mode,
       :deletion_protection)
       SENSITIVE = []
       include Aws::Structure
@@ -330,11 +364,11 @@ module Aws::QLDB
     #
     # @!attribute [rw] inclusive_start_time
     #   The inclusive start date and time for the range of journal contents
-    #   that you want to export.
+    #   to export.
     #
     #   The `InclusiveStartTime` must be in `ISO 8601` date and time format
     #   and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `InclusiveStartTime` must be before `ExclusiveEndTime`.
     #
@@ -344,12 +378,12 @@ module Aws::QLDB
     #   @return [Time]
     #
     # @!attribute [rw] exclusive_end_time
-    #   The exclusive end date and time for the range of journal contents
-    #   that you want to export.
+    #   The exclusive end date and time for the range of journal contents to
+    #   export.
     #
     #   The `ExclusiveEndTime` must be in `ISO 8601` date and time format
     #   and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `ExclusiveEndTime` must be less than or equal to the current UTC
     #   date and time.
@@ -385,7 +419,8 @@ module Aws::QLDB
     end
 
     # @!attribute [rw] export_id
-    #   The unique ID that QLDB assigns to each journal export job.
+    #   The UUID (represented in Base62-encoded text) that QLDB assigns to
+    #   each journal export job.
     #
     #   To describe your export request and check the status of the job, you
     #   can use `ExportId` to call `DescribeJournalS3Export`.
@@ -421,7 +456,7 @@ module Aws::QLDB
     #   Amazon Ion structure that has two fields: `strandId` and
     #   `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
     #   @return [Types::ValueHolder]
     #
     # @!attribute [rw] digest_tip_address
@@ -429,7 +464,7 @@ module Aws::QLDB
     #   a proof. An address is an Amazon Ion structure that has two fields:
     #   `strandId` and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
     #   @return [Types::ValueHolder]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/GetBlockRequest AWS API Documentation
@@ -524,11 +559,12 @@ module Aws::QLDB
     #   address is an Amazon Ion structure that has two fields: `strandId`
     #   and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
     #   @return [Types::ValueHolder]
     #
     # @!attribute [rw] document_id
-    #   The unique ID of the document to be verified.
+    #   The UUID (represented in Base62-encoded text) of the document to be
+    #   verified.
     #   @return [String]
     #
     # @!attribute [rw] digest_tip_address
@@ -536,7 +572,7 @@ module Aws::QLDB
     #   a proof. An address is an Amazon Ion structure that has two fields:
     #   `strandId` and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
     #   @return [Types::ValueHolder]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/GetRevisionRequest AWS API Documentation
@@ -588,9 +624,9 @@ module Aws::QLDB
       include Aws::Structure
     end
 
-    # The information about an Amazon QLDB journal stream, including the
-    # Amazon Resource Name (ARN), stream name, creation time, current
-    # status, and the parameters of your original stream creation request.
+    # Information about an Amazon QLDB journal stream, including the Amazon
+    # Resource Name (ARN), stream name, creation time, current status, and
+    # the parameters of the original stream creation request.
     #
     # @!attribute [rw] ledger_name
     #   The name of the ledger.
@@ -620,7 +656,8 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) of the QLDB journal
+    #   stream.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -633,7 +670,7 @@ module Aws::QLDB
     #
     # @!attribute [rw] kinesis_configuration
     #   The configuration settings of the Amazon Kinesis Data Streams
-    #   destination for your QLDB journal stream.
+    #   destination for a QLDB journal stream.
     #   @return [Types::KinesisConfiguration]
     #
     # @!attribute [rw] error_cause
@@ -664,16 +701,17 @@ module Aws::QLDB
       include Aws::Structure
     end
 
-    # The information about a journal export job, including the ledger name,
-    # export ID, when it was created, current status, and its start and end
-    # time export parameters.
+    # Information about a journal export job, including the ledger name,
+    # export ID, creation time, current status, and the parameters of the
+    # original export creation request.
     #
     # @!attribute [rw] ledger_name
     #   The name of the ledger.
     #   @return [String]
     #
     # @!attribute [rw] export_id
-    #   The unique ID of the journal export job.
+    #   The UUID (represented in Base62-encoded text) of the journal export
+    #   job.
     #   @return [String]
     #
     # @!attribute [rw] export_creation_time
@@ -729,7 +767,7 @@ module Aws::QLDB
     end
 
     # The configuration settings of the Amazon Kinesis Data Streams
-    # destination for your Amazon QLDB journal stream.
+    # destination for an Amazon QLDB journal stream.
     #
     # @note When making an API call, you may pass KinesisConfiguration
     #   data as a hash:
@@ -740,17 +778,24 @@ module Aws::QLDB
     #       }
     #
     # @!attribute [rw] stream_arn
-    #   The Amazon Resource Name (ARN) of the Kinesis data stream resource.
+    #   The Amazon Resource Name (ARN) of the Kinesis Data Streams resource.
     #   @return [String]
     #
     # @!attribute [rw] aggregation_enabled
     #   Enables QLDB to publish multiple data records in a single Kinesis
-    #   Data Streams record. To learn more, see [KPL Key Concepts][1] in the
-    #   *Amazon Kinesis Data Streams Developer Guide*.
+    #   Data Streams record, increasing the number of records sent per API
+    #   call.
+    #
+    #   *This option is enabled by default.* Record aggregation has
+    #   important implications for processing records and requires
+    #   de-aggregation in your stream consumer. To learn more, see [KPL Key
+    #   Concepts][1] and [Consumer De-aggregation][2] in the *Amazon Kinesis
+    #   Data Streams Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-concepts.html
+    #   [2]: https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-consumer-deaggregation.html
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/KinesisConfiguration AWS API Documentation
@@ -1041,8 +1086,8 @@ module Aws::QLDB
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) for which you want to list the tags.
-    #   For example:
+    #   The Amazon Resource Name (ARN) for which to list the tags. For
+    #   example:
     #
     #   `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
     #   @return [String]
@@ -1185,7 +1230,7 @@ module Aws::QLDB
     #
     # @!attribute [rw] kms_key_arn
     #   The Amazon Resource Name (ARN) for a symmetric customer master key
-    #   (CMK) in AWS Key Management Service (AWS KMS). Amazon QLDB does not
+    #   (CMK) in AWS Key Management Service (AWS KMS). Amazon S3 does not
     #   support asymmetric CMKs.
     #
     #   You must provide a `KmsKeyArn` if you specify `SSE_KMS` as the
@@ -1306,7 +1351,7 @@ module Aws::QLDB
     #   The inclusive start date and time from which to start streaming
     #   journal data. This parameter must be in `ISO 8601` date and time
     #   format and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `InclusiveStartTime` cannot be in the future and must be before
     #   `ExclusiveEndTime`.
@@ -1323,7 +1368,7 @@ module Aws::QLDB
     #
     #   The `ExclusiveEndTime` must be in `ISO 8601` date and time format
     #   and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #   @return [Time]
     #
     # @!attribute [rw] kinesis_configuration
@@ -1361,7 +1406,8 @@ module Aws::QLDB
     end
 
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) that QLDB assigns to
+    #   each QLDB journal stream.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/StreamJournalToKinesisResponse AWS API Documentation
@@ -1418,14 +1464,14 @@ module Aws::QLDB
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) from which you want to remove the
-    #   tags. For example:
+    #   The Amazon Resource Name (ARN) from which to remove the tags. For
+    #   example:
     #
     #   `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
-    #   The list of tag keys that you want to remove.
+    #   The list of tag keys to remove.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UntagResourceRequest AWS API Documentation
@@ -1441,6 +1487,84 @@ module Aws::QLDB
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass UpdateLedgerPermissionsModeRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "LedgerName", # required
+    #         permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the ledger.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions_mode
+    #   The permissions mode to assign to the ledger. This parameter can
+    #   have one of the following values:
+    #
+    #   * `ALLOW_ALL`\: A legacy permissions mode that enables access
+    #     control with API-level granularity for ledgers.
+    #
+    #     This mode allows users who have the `SendCommand` API permission
+    #     for this ledger to run all PartiQL commands (hence, `ALLOW_ALL`)
+    #     on any tables in the specified ledger. This mode disregards any
+    #     table-level or command-level IAM permissions policies that you
+    #     create for the ledger.
+    #
+    #   * `STANDARD`\: (*Recommended*) A permissions mode that enables
+    #     access control with finer granularity for ledgers, tables, and
+    #     PartiQL commands.
+    #
+    #     By default, this mode denies all user requests to run any PartiQL
+    #     commands on any tables in this ledger. To allow PartiQL commands
+    #     to run, you must create IAM permissions policies for specific
+    #     table resources and PartiQL actions, in addition to the
+    #     `SendCommand` API permission for the ledger. For information, see
+    #     [Getting started with the standard permissions mode][1] in the
+    #     *Amazon QLDB Developer Guide*.
+    #
+    #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
+    #   maximize the security of your ledger data.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsModeRequest AWS API Documentation
+    #
+    class UpdateLedgerPermissionsModeRequest < Struct.new(
+      :name,
+      :permissions_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] name
+    #   The name of the ledger.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) for the ledger.
+    #   @return [String]
+    #
+    # @!attribute [rw] permissions_mode
+    #   The current permissions mode of the ledger.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsModeResponse AWS API Documentation
+    #
+    class UpdateLedgerPermissionsModeResponse < Struct.new(
+      :name,
+      :arn,
+      :permissions_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateLedgerRequest
     #   data as a hash:
     #
@@ -1459,11 +1583,8 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerRequest AWS API Documentation
@@ -1499,11 +1620,8 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerResponse AWS API Documentation