aws-sdk-qldb 1.13.0 → 1.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3b51e45924592dfac1c049a1dfcee8ea7f09ddce77268ac96735a3745459f116
-  data.tar.gz: 9866d74a0ecb2b8201a4197d6d93fb793a3e7fbe97a6f700e6e0103f8dd546b1
+  metadata.gz: 2708a2f39158ed82c21ce2955d0fb17715f04adc8e6dd57684ba3ef8e195a694
+  data.tar.gz: 8ccdd5bfec9de2c0ca2dcfca19f24134755170f9d74347e1a60b5cb139e72ca8
 SHA512:
-  metadata.gz: 6aabde6d19ab517e73f2628a2cbca09050427ecc89ddbb9c9f20864747040bd9287bf3bdde79f7e189d48850f142ad3a6c7419eb4c6f8706b0bc88f1b3bad2fb
-  data.tar.gz: f02845595d681ab149f1c800b204b131a820e5cc746df3b6ad528a80f3674e115bcef347120e26368b712277f05a1a578a0d524b8caca0ad05b98fcc730cde69
+  metadata.gz: 013f3069d84ca4128055bf5e1a67eba59bc8c624386a729acef4d60debc0dc26f26329390a1e51be8fda818823f81f7613bd123a6b26ef7b0daf505a001e09ad
+  data.tar.gz: b4c64efeb71b2c0bd58143ebb7842181d14b57b771a2bac7ae82f8af6547b1936ee0bdf204c5693fc26cc3d7330b02568f3c83f70ca6339c1b67582e3f6d6d88

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.17.0 (2021-07-28)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.16.0 (2021-07-22)
+------------------
+
+* Feature - Amazon QLDB now supports ledgers encrypted with customer managed KMS keys. Changes in CreateLedger, UpdateLedger and DescribeLedger APIs to support the changes.
+
+1.15.0 (2021-06-04)
+------------------
+
+* Feature - Documentation updates for Amazon QLDB
+
+1.14.0 (2021-05-26)
+------------------
+
+* Feature - Support STANDARD permissions mode in CreateLedger and DescribeLedger. Add UpdateLedgerPermissionsMode to update permissions mode on existing ledgers.
+
 1.13.0 (2021-03-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.13.0
+1.17.0

data/lib/aws-sdk-qldb.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-qldb/customizations'
 # @!group service
 module Aws::QLDB
 
-  GEM_VERSION = '1.13.0'
+  GEM_VERSION = '1.17.0'
 
 end

data/lib/aws-sdk-qldb/client.rb

@@ -338,7 +338,8 @@ module Aws::QLDB
     #   The name of the ledger.
     #
     # @option params [required, String] :stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) of the QLDB journal
+    #   stream to be canceled.
     #
     # @return [Types::CancelJournalKinesisStreamResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -364,11 +365,11 @@ module Aws::QLDB
       req.send_request(options)
     end
 
-    # Creates a new ledger in your AWS account.
+    # Creates a new ledger in your account in the current Region.
     #
     # @option params [required, String] :name
     #   The name of the ledger that you want to create. The name must be
-    #   unique among all of your ledgers in the current AWS Region.
+    #   unique among all of the ledgers in your account in the current Region.
     #
     #   Naming constraints for ledger names are defined in [Quotas in Amazon
     #   QLDB][1] in the *Amazon QLDB Developer Guide*.
@@ -384,6 +385,37 @@ module Aws::QLDB
     #
     # @option params [required, String] :permissions_mode
     #   The permissions mode to assign to the ledger that you want to create.
+    #   This parameter can have one of the following values:
+    #
+    #   * `ALLOW_ALL`\: A legacy permissions mode that enables access control
+    #     with API-level granularity for ledgers.
+    #
+    #     This mode allows users who have the `SendCommand` API permission for
+    #     this ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
+    #     tables in the specified ledger. This mode disregards any table-level
+    #     or command-level IAM permissions policies that you create for the
+    #     ledger.
+    #
+    #   * `STANDARD`\: (*Recommended*) A permissions mode that enables access
+    #     control with finer granularity for ledgers, tables, and PartiQL
+    #     commands.
+    #
+    #     By default, this mode denies all user requests to run any PartiQL
+    #     commands on any tables in this ledger. To allow PartiQL commands to
+    #     run, you must create IAM permissions policies for specific table
+    #     resources and PartiQL actions, in addition to the `SendCommand` API
+    #     permission for the ledger. For information, see [Getting started
+    #     with the standard permissions mode][1] in the *Amazon QLDB Developer
+    #     Guide*.
+    #
+    #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
+    #   maximize the security of your ledger data.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
     #
     # @option params [Boolean] :deletion_protection
     #   The flag that prevents a ledger from being deleted by any user. If not
@@ -391,10 +423,53 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the `UpdateLedger`
-    #   operation to set the flag to `false`. The QLDB console disables
-    #   deletion protection for you when you use it to delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
+    #
+    # @option params [String] :kms_key
+    #   The key in Key Management Service (KMS) to use for encryption of data
+    #   at rest in the ledger. For more information, see [Encryption at
+    #   rest][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #   Use one of the following options to specify this parameter:
+    #
+    #   * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
+    #     Amazon Web Services on your behalf.
+    #
+    #   * **Undefined**\: By default, use an Amazon Web Services owned KMS
+    #     key.
+    #
+    #   * **A valid symmetric customer managed KMS key**\: Use the specified
+    #     KMS key in your account that you create, own, and manage.
+    #
+    #     Amazon QLDB does not support asymmetric keys. For more information,
+    #     see [Using symmetric and asymmetric keys][2] in the *Key Management
+    #     Service Developer Guide*.
+    #
+    #   To specify a customer managed KMS key, you can use its key ID, Amazon
+    #   Resource Name (ARN), alias name, or alias ARN. When using an alias
+    #   name, prefix it with `"alias/"`. To specify a key in a different
+    #   account, you must use the key ARN or alias ARN.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Alias name: `alias/ExampleAlias`
+    #
+    #   * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+    #
+    #   For more information, see [Key identifiers (KeyId)][3] in the *Key
+    #   Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
     #
     # @return [Types::CreateLedgerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -402,7 +477,9 @@ module Aws::QLDB
     #   * {Types::CreateLedgerResponse#arn #arn} => String
     #   * {Types::CreateLedgerResponse#state #state} => String
     #   * {Types::CreateLedgerResponse#creation_date_time #creation_date_time} => Time
+    #   * {Types::CreateLedgerResponse#permissions_mode #permissions_mode} => String
     #   * {Types::CreateLedgerResponse#deletion_protection #deletion_protection} => Boolean
+    #   * {Types::CreateLedgerResponse#kms_key_arn #kms_key_arn} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -411,8 +488,9 @@ module Aws::QLDB
     #     tags: {
     #       "TagKey" => "TagValue",
     #     },
-    #     permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL
+    #     permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
     #     deletion_protection: false,
+    #     kms_key: "KmsKey",
     #   })
     #
     # @example Response structure
@@ -421,7 +499,9 @@ module Aws::QLDB
     #   resp.arn #=> String
     #   resp.state #=> String, one of "CREATING", "ACTIVE", "DELETING", "DELETED"
     #   resp.creation_date_time #=> Time
+    #   resp.permissions_mode #=> String, one of "ALLOW_ALL", "STANDARD"
     #   resp.deletion_protection #=> Boolean
+    #   resp.kms_key_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedger AWS API Documentation
     #
@@ -435,10 +515,8 @@ module Aws::QLDB
     # Deletes a ledger and all of its contents. This action is irreversible.
     #
     # If deletion protection is enabled, you must first disable it before
-    # you can delete the ledger using the QLDB API or the AWS Command Line
-    # Interface (AWS CLI). You can disable it by calling the `UpdateLedger`
-    # operation to set the flag to `false`. The QLDB console disables
-    # deletion protection for you when you use it to delete a ledger.
+    # you can delete the ledger. You can disable it by calling the
+    # `UpdateLedger` operation to set the flag to `false`.
     #
     # @option params [required, String] :name
     #   The name of the ledger that you want to delete.
@@ -462,14 +540,23 @@ module Aws::QLDB
 
     # Returns detailed information about a given Amazon QLDB journal stream.
     # The output includes the Amazon Resource Name (ARN), stream name,
-    # current status, creation time, and the parameters of your original
+    # current status, creation time, and the parameters of the original
     # stream creation request.
     #
+    # This action does not return any expired journal streams. For more
+    # information, see [Expiration for terminal streams][1] in the *Amazon
+    # QLDB Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/streams.create.html#streams.create.states.expiration
+    #
     # @option params [required, String] :ledger_name
     #   The name of the ledger.
     #
     # @option params [required, String] :stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) of the QLDB journal
+    #   stream to describe.
     #
     # @return [Types::DescribeJournalKinesisStreamResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -507,11 +594,11 @@ module Aws::QLDB
     end
 
     # Returns information about a journal export job, including the ledger
-    # name, export ID, when it was created, current status, and its start
-    # and end time export parameters.
+    # name, export ID, creation time, current status, and the parameters of
+    # the original export creation request.
     #
     # This action does not return any expired export jobs. For more
-    # information, see [Export Job Expiration][1] in the *Amazon QLDB
+    # information, see [Export job expiration][1] in the *Amazon QLDB
     # Developer Guide*.
     #
     # If the export job with the given `ExportId` doesn't exist, then
@@ -528,7 +615,8 @@ module Aws::QLDB
     #   The name of the ledger.
     #
     # @option params [required, String] :export_id
-    #   The unique ID of the journal export job that you want to describe.
+    #   The UUID (represented in Base62-encoded text) of the journal export
+    #   job to describe.
     #
     # @return [Types::DescribeJournalS3ExportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -564,8 +652,8 @@ module Aws::QLDB
       req.send_request(options)
     end
 
-    # Returns information about a ledger, including its state and when it
-    # was created.
+    # Returns information about a ledger, including its state, permissions
+    # mode, encryption at rest settings, and when it was created.
     #
     # @option params [required, String] :name
     #   The name of the ledger that you want to describe.
@@ -576,7 +664,9 @@ module Aws::QLDB
     #   * {Types::DescribeLedgerResponse#arn #arn} => String
     #   * {Types::DescribeLedgerResponse#state #state} => String
     #   * {Types::DescribeLedgerResponse#creation_date_time #creation_date_time} => Time
+    #   * {Types::DescribeLedgerResponse#permissions_mode #permissions_mode} => String
     #   * {Types::DescribeLedgerResponse#deletion_protection #deletion_protection} => Boolean
+    #   * {Types::DescribeLedgerResponse#encryption_description #encryption_description} => Types::LedgerEncryptionDescription
     #
     # @example Request syntax with placeholder values
     #
@@ -590,7 +680,11 @@ module Aws::QLDB
     #   resp.arn #=> String
     #   resp.state #=> String, one of "CREATING", "ACTIVE", "DELETING", "DELETED"
     #   resp.creation_date_time #=> Time
+    #   resp.permissions_mode #=> String, one of "ALLOW_ALL", "STANDARD"
     #   resp.deletion_protection #=> Boolean
+    #   resp.encryption_description.kms_key_arn #=> String
+    #   resp.encryption_description.encryption_status #=> String, one of "ENABLED", "UPDATING", "KMS_KEY_INACCESSIBLE"
+    #   resp.encryption_description.inaccessible_kms_key_date_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeLedger AWS API Documentation
     #
@@ -619,12 +713,12 @@ module Aws::QLDB
     #   The name of the ledger.
     #
     # @option params [required, Time,DateTime,Date,Integer,String] :inclusive_start_time
-    #   The inclusive start date and time for the range of journal contents
-    #   that you want to export.
+    #   The inclusive start date and time for the range of journal contents to
+    #   export.
     #
     #   The `InclusiveStartTime` must be in `ISO 8601` date and time format
     #   and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `InclusiveStartTime` must be before `ExclusiveEndTime`.
     #
@@ -633,12 +727,12 @@ module Aws::QLDB
     #   `CreationDateTime`.
     #
     # @option params [required, Time,DateTime,Date,Integer,String] :exclusive_end_time
-    #   The exclusive end date and time for the range of journal contents that
-    #   you want to export.
+    #   The exclusive end date and time for the range of journal contents to
+    #   export.
     #
     #   The `ExclusiveEndTime` must be in `ISO 8601` date and time format and
     #   in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `ExclusiveEndTime` must be less than or equal to the current UTC
     #   date and time.
@@ -654,8 +748,8 @@ module Aws::QLDB
     #   * Write objects into your Amazon Simple Storage Service (Amazon S3)
     #     bucket.
     #
-    #   * (Optional) Use your customer master key (CMK) in AWS Key Management
-    #     Service (AWS KMS) for server-side encryption of your exported data.
+    #   * (Optional) Use your customer master key (CMK) in Key Management
+    #     Service (KMS) for server-side encryption of your exported data.
     #
     # @return [Types::ExportJournalToS3Response] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -718,14 +812,14 @@ module Aws::QLDB
     #   The location of the block that you want to request. An address is an
     #   Amazon Ion structure that has two fields: `strandId` and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
     #
     # @option params [Types::ValueHolder] :digest_tip_address
     #   The latest block location covered by the digest for which to request a
     #   proof. An address is an Amazon Ion structure that has two fields:
     #   `strandId` and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
     #
     # @return [Types::GetBlockResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -802,17 +896,18 @@ module Aws::QLDB
     #   is an Amazon Ion structure that has two fields: `strandId` and
     #   `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
     #
     # @option params [required, String] :document_id
-    #   The unique ID of the document to be verified.
+    #   The UUID (represented in Base62-encoded text) of the document to be
+    #   verified.
     #
     # @option params [Types::ValueHolder] :digest_tip_address
     #   The latest block location covered by the digest for which to request a
     #   proof. An address is an Amazon Ion structure that has two fields:
     #   `strandId` and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
     #
     # @return [Types::GetRevisionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -850,10 +945,18 @@ module Aws::QLDB
     # given ledger. The output of each stream descriptor includes the same
     # details that are returned by `DescribeJournalKinesisStream`.
     #
+    # This action does not return any expired journal streams. For more
+    # information, see [Expiration for terminal streams][1] in the *Amazon
+    # QLDB Developer Guide*.
+    #
     # This action returns a maximum of `MaxResults` items. It is paginated
     # so that you can retrieve all the items by calling
     # `ListJournalKinesisStreamsForLedger` multiple times.
     #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/streams.create.html#streams.create.states.expiration
+    #
     # @option params [required, String] :ledger_name
     #   The name of the ledger.
     #
@@ -910,14 +1013,14 @@ module Aws::QLDB
     end
 
     # Returns an array of journal export job descriptions for all ledgers
-    # that are associated with the current AWS account and Region.
+    # that are associated with the current account and Region.
     #
     # This action returns a maximum of `MaxResults` items, and is paginated
     # so that you can retrieve all the items by calling
     # `ListJournalS3Exports` multiple times.
     #
     # This action does not return any expired export jobs. For more
-    # information, see [Export Job Expiration][1] in the *Amazon QLDB
+    # information, see [Export job expiration][1] in the *Amazon QLDB
     # Developer Guide*.
     #
     #
@@ -982,7 +1085,7 @@ module Aws::QLDB
     # `ListJournalS3ExportsForLedger` multiple times.
     #
     # This action does not return any expired export jobs. For more
-    # information, see [Export Job Expiration][1] in the *Amazon QLDB
+    # information, see [Export job expiration][1] in the *Amazon QLDB
     # Developer Guide*.
     #
     #
@@ -1044,7 +1147,7 @@ module Aws::QLDB
     end
 
     # Returns an array of ledger summaries that are associated with the
-    # current AWS account and Region.
+    # current account and Region.
     #
     # This action returns a maximum of 100 items and is paginated so that
     # you can retrieve all the items by calling `ListLedgers` multiple
@@ -1094,8 +1197,8 @@ module Aws::QLDB
     # Returns all tags for a specified Amazon QLDB resource.
     #
     # @option params [required, String] :resource_arn
-    #   The Amazon Resource Name (ARN) for which you want to list the tags.
-    #   For example:
+    #   The Amazon Resource Name (ARN) for which to list the tags. For
+    #   example:
     #
     #   `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
     #
@@ -1145,7 +1248,7 @@ module Aws::QLDB
     #   The inclusive start date and time from which to start streaming
     #   journal data. This parameter must be in `ISO 8601` date and time
     #   format and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `InclusiveStartTime` cannot be in the future and must be before
     #   `ExclusiveEndTime`.
@@ -1161,7 +1264,7 @@ module Aws::QLDB
     #
     #   The `ExclusiveEndTime` must be in `ISO 8601` date and time format and
     #   in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     # @option params [required, Types::KinesisConfiguration] :kinesis_configuration
     #   The configuration settings of the Kinesis Data Streams destination for
@@ -1256,13 +1359,13 @@ module Aws::QLDB
     # can specify up to 50 tag keys to remove.
     #
     # @option params [required, String] :resource_arn
-    #   The Amazon Resource Name (ARN) from which you want to remove the tags.
-    #   For example:
+    #   The Amazon Resource Name (ARN) from which to remove the tags. For
+    #   example:
     #
     #   `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
     #
     # @option params [required, Array<String>] :tag_keys
-    #   The list of tag keys that you want to remove.
+    #   The list of tag keys to remove.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1293,10 +1396,52 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the `UpdateLedger`
-    #   operation to set the flag to `false`. The QLDB console disables
-    #   deletion protection for you when you use it to delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
+    #
+    # @option params [String] :kms_key
+    #   The key in Key Management Service (KMS) to use for encryption of data
+    #   at rest in the ledger. For more information, see [Encryption at
+    #   rest][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #   Use one of the following options to specify this parameter:
+    #
+    #   * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
+    #     Amazon Web Services on your behalf.
+    #
+    #   * **Undefined**\: Make no changes to the KMS key of the ledger.
+    #
+    #   * **A valid symmetric customer managed KMS key**\: Use the specified
+    #     KMS key in your account that you create, own, and manage.
+    #
+    #     Amazon QLDB does not support asymmetric keys. For more information,
+    #     see [Using symmetric and asymmetric keys][2] in the *Key Management
+    #     Service Developer Guide*.
+    #
+    #   To specify a customer managed KMS key, you can use its key ID, Amazon
+    #   Resource Name (ARN), alias name, or alias ARN. When using an alias
+    #   name, prefix it with `"alias/"`. To specify a key in a different
+    #   account, you must use the key ARN or alias ARN.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Alias name: `alias/ExampleAlias`
+    #
+    #   * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+    #
+    #   For more information, see [Key identifiers (KeyId)][3] in the *Key
+    #   Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
     #
     # @return [Types::UpdateLedgerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1305,12 +1450,14 @@ module Aws::QLDB
     #   * {Types::UpdateLedgerResponse#state #state} => String
     #   * {Types::UpdateLedgerResponse#creation_date_time #creation_date_time} => Time
     #   * {Types::UpdateLedgerResponse#deletion_protection #deletion_protection} => Boolean
+    #   * {Types::UpdateLedgerResponse#encryption_description #encryption_description} => Types::LedgerEncryptionDescription
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.update_ledger({
     #     name: "LedgerName", # required
     #     deletion_protection: false,
+    #     kms_key: "KmsKey",
     #   })
     #
     # @example Response structure
@@ -1320,6 +1467,9 @@ module Aws::QLDB
     #   resp.state #=> String, one of "CREATING", "ACTIVE", "DELETING", "DELETED"
     #   resp.creation_date_time #=> Time
     #   resp.deletion_protection #=> Boolean
+    #   resp.encryption_description.kms_key_arn #=> String
+    #   resp.encryption_description.encryption_status #=> String, one of "ENABLED", "UPDATING", "KMS_KEY_INACCESSIBLE"
+    #   resp.encryption_description.inaccessible_kms_key_date_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedger AWS API Documentation
     #
@@ -1330,6 +1480,82 @@ module Aws::QLDB
       req.send_request(options)
     end
 
+    # Updates the permissions mode of a ledger.
+    #
+    # Before you switch to the `STANDARD` permissions mode, you must first
+    # create all required IAM policies and table tags to avoid disruption to
+    # your users. To learn more, see [Migrating to the standard permissions
+    # mode][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/ledger-management.basics.html#ledger-mgmt.basics.update-permissions.migrating
+    #
+    # @option params [required, String] :name
+    #   The name of the ledger.
+    #
+    # @option params [required, String] :permissions_mode
+    #   The permissions mode to assign to the ledger. This parameter can have
+    #   one of the following values:
+    #
+    #   * `ALLOW_ALL`\: A legacy permissions mode that enables access control
+    #     with API-level granularity for ledgers.
+    #
+    #     This mode allows users who have the `SendCommand` API permission for
+    #     this ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
+    #     tables in the specified ledger. This mode disregards any table-level
+    #     or command-level IAM permissions policies that you create for the
+    #     ledger.
+    #
+    #   * `STANDARD`\: (*Recommended*) A permissions mode that enables access
+    #     control with finer granularity for ledgers, tables, and PartiQL
+    #     commands.
+    #
+    #     By default, this mode denies all user requests to run any PartiQL
+    #     commands on any tables in this ledger. To allow PartiQL commands to
+    #     run, you must create IAM permissions policies for specific table
+    #     resources and PartiQL actions, in addition to the `SendCommand` API
+    #     permission for the ledger. For information, see [Getting started
+    #     with the standard permissions mode][1] in the *Amazon QLDB Developer
+    #     Guide*.
+    #
+    #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
+    #   maximize the security of your ledger data.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
+    #
+    # @return [Types::UpdateLedgerPermissionsModeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateLedgerPermissionsModeResponse#name #name} => String
+    #   * {Types::UpdateLedgerPermissionsModeResponse#arn #arn} => String
+    #   * {Types::UpdateLedgerPermissionsModeResponse#permissions_mode #permissions_mode} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_ledger_permissions_mode({
+    #     name: "LedgerName", # required
+    #     permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.name #=> String
+    #   resp.arn #=> String
+    #   resp.permissions_mode #=> String, one of "ALLOW_ALL", "STANDARD"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsMode AWS API Documentation
+    #
+    # @overload update_ledger_permissions_mode(params = {})
+    # @param [Hash] params ({})
+    def update_ledger_permissions_mode(params = {}, options = {})
+      req = build_request(:update_ledger_permissions_mode, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -1343,7 +1569,7 @@ module Aws::QLDB
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-qldb'
-      context[:gem_version] = '1.13.0'
+      context[:gem_version] = '1.17.0'
       Seahorse::Client::Request.new(handlers, context)
     end