aws-sdk-qldb 1.13.0 → 1.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -28,6 +28,7 @@ module Aws::QLDB
28
28
  DescribeLedgerRequest = Shapes::StructureShape.new(name: 'DescribeLedgerRequest')
29
29
  DescribeLedgerResponse = Shapes::StructureShape.new(name: 'DescribeLedgerResponse')
30
30
  Digest = Shapes::BlobShape.new(name: 'Digest')
31
+ EncryptionStatus = Shapes::StringShape.new(name: 'EncryptionStatus')
31
32
  ErrorCause = Shapes::StringShape.new(name: 'ErrorCause')
32
33
  ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
33
34
  ExportJournalToS3Request = Shapes::StructureShape.new(name: 'ExportJournalToS3Request')
@@ -46,6 +47,8 @@ module Aws::QLDB
46
47
  JournalS3ExportDescription = Shapes::StructureShape.new(name: 'JournalS3ExportDescription')
47
48
  JournalS3ExportList = Shapes::ListShape.new(name: 'JournalS3ExportList')
48
49
  KinesisConfiguration = Shapes::StructureShape.new(name: 'KinesisConfiguration')
50
+ KmsKey = Shapes::StringShape.new(name: 'KmsKey')
51
+ LedgerEncryptionDescription = Shapes::StructureShape.new(name: 'LedgerEncryptionDescription')
49
52
  LedgerList = Shapes::ListShape.new(name: 'LedgerList')
50
53
  LedgerName = Shapes::StringShape.new(name: 'LedgerName')
51
54
  LedgerState = Shapes::StringShape.new(name: 'LedgerState')
@@ -90,6 +93,8 @@ module Aws::QLDB
90
93
  UniqueId = Shapes::StringShape.new(name: 'UniqueId')
91
94
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
92
95
  UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
96
+ UpdateLedgerPermissionsModeRequest = Shapes::StructureShape.new(name: 'UpdateLedgerPermissionsModeRequest')
97
+ UpdateLedgerPermissionsModeResponse = Shapes::StructureShape.new(name: 'UpdateLedgerPermissionsModeResponse')
93
98
  UpdateLedgerRequest = Shapes::StructureShape.new(name: 'UpdateLedgerRequest')
94
99
  UpdateLedgerResponse = Shapes::StructureShape.new(name: 'UpdateLedgerResponse')
95
100
  ValueHolder = Shapes::StructureShape.new(name: 'ValueHolder')
@@ -105,13 +110,16 @@ module Aws::QLDB
105
110
  CreateLedgerRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
106
111
  CreateLedgerRequest.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, required: true, location_name: "PermissionsMode"))
107
112
  CreateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
113
+ CreateLedgerRequest.add_member(:kms_key, Shapes::ShapeRef.new(shape: KmsKey, location_name: "KmsKey"))
108
114
  CreateLedgerRequest.struct_class = Types::CreateLedgerRequest
109
115
 
110
116
  CreateLedgerResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
111
117
  CreateLedgerResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
112
118
  CreateLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
113
119
  CreateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
120
+ CreateLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
114
121
  CreateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
122
+ CreateLedgerResponse.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "KmsKeyArn"))
115
123
  CreateLedgerResponse.struct_class = Types::CreateLedgerResponse
116
124
 
117
125
  DeleteLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
@@ -138,7 +146,9 @@ module Aws::QLDB
138
146
  DescribeLedgerResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
139
147
  DescribeLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
140
148
  DescribeLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
149
+ DescribeLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
141
150
  DescribeLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
151
+ DescribeLedgerResponse.add_member(:encryption_description, Shapes::ShapeRef.new(shape: LedgerEncryptionDescription, location_name: "EncryptionDescription"))
142
152
  DescribeLedgerResponse.struct_class = Types::DescribeLedgerResponse
143
153
 
144
154
  ExportJournalToS3Request.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
@@ -212,6 +222,11 @@ module Aws::QLDB
212
222
  KinesisConfiguration.add_member(:aggregation_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "AggregationEnabled"))
213
223
  KinesisConfiguration.struct_class = Types::KinesisConfiguration
214
224
 
225
+ LedgerEncryptionDescription.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "KmsKeyArn"))
226
+ LedgerEncryptionDescription.add_member(:encryption_status, Shapes::ShapeRef.new(shape: EncryptionStatus, required: true, location_name: "EncryptionStatus"))
227
+ LedgerEncryptionDescription.add_member(:inaccessible_kms_key_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "InaccessibleKmsKeyDateTime"))
228
+ LedgerEncryptionDescription.struct_class = Types::LedgerEncryptionDescription
229
+
215
230
  LedgerList.member = Shapes::ShapeRef.new(shape: LedgerSummary)
216
231
 
217
232
  LedgerSummary.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -321,8 +336,18 @@ module Aws::QLDB
321
336
 
322
337
  UntagResourceResponse.struct_class = Types::UntagResourceResponse
323
338
 
339
+ UpdateLedgerPermissionsModeRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
340
+ UpdateLedgerPermissionsModeRequest.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, required: true, location_name: "PermissionsMode"))
341
+ UpdateLedgerPermissionsModeRequest.struct_class = Types::UpdateLedgerPermissionsModeRequest
342
+
343
+ UpdateLedgerPermissionsModeResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
344
+ UpdateLedgerPermissionsModeResponse.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
345
+ UpdateLedgerPermissionsModeResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
346
+ UpdateLedgerPermissionsModeResponse.struct_class = Types::UpdateLedgerPermissionsModeResponse
347
+
324
348
  UpdateLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
325
349
  UpdateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
350
+ UpdateLedgerRequest.add_member(:kms_key, Shapes::ShapeRef.new(shape: KmsKey, location_name: "KmsKey"))
326
351
  UpdateLedgerRequest.struct_class = Types::UpdateLedgerRequest
327
352
 
328
353
  UpdateLedgerResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -330,6 +355,7 @@ module Aws::QLDB
330
355
  UpdateLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
331
356
  UpdateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
332
357
  UpdateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
358
+ UpdateLedgerResponse.add_member(:encryption_description, Shapes::ShapeRef.new(shape: LedgerEncryptionDescription, location_name: "EncryptionDescription"))
333
359
  UpdateLedgerResponse.struct_class = Types::UpdateLedgerResponse
334
360
 
335
361
  ValueHolder.add_member(:ion_text, Shapes::ShapeRef.new(shape: IonText, location_name: "IonText"))
@@ -571,6 +597,16 @@ module Aws::QLDB
571
597
  o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
572
598
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
573
599
  end)
600
+
601
+ api.add_operation(:update_ledger_permissions_mode, Seahorse::Model::Operation.new.tap do |o|
602
+ o.name = "UpdateLedgerPermissionsMode"
603
+ o.http_method = "PATCH"
604
+ o.http_request_uri = "/ledgers/{name}/permissions-mode"
605
+ o.input = Shapes::ShapeRef.new(shape: UpdateLedgerPermissionsModeRequest)
606
+ o.output = Shapes::ShapeRef.new(shape: UpdateLedgerPermissionsModeResponse)
607
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
608
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
609
+ end)
574
610
  end
575
611
 
576
612
  end
@@ -23,7 +23,8 @@ module Aws::QLDB
23
23
  # @return [String]
24
24
  #
25
25
  # @!attribute [rw] stream_id
26
- # The unique ID that QLDB assigns to each QLDB journal stream.
26
+ # The UUID (represented in Base62-encoded text) of the QLDB journal
27
+ # stream to be canceled.
27
28
  # @return [String]
28
29
  #
29
30
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CancelJournalKinesisStreamRequest AWS API Documentation
@@ -36,7 +37,7 @@ module Aws::QLDB
36
37
  end
37
38
 
38
39
  # @!attribute [rw] stream_id
39
- # The unique ID that QLDB assigns to each QLDB journal stream.
40
+ # The UUID (Base62-encoded text) of the canceled QLDB journal stream.
40
41
  # @return [String]
41
42
  #
42
43
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CancelJournalKinesisStreamResponse AWS API Documentation
@@ -55,13 +56,15 @@ module Aws::QLDB
55
56
  # tags: {
56
57
  # "TagKey" => "TagValue",
57
58
  # },
58
- # permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL
59
+ # permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
59
60
  # deletion_protection: false,
61
+ # kms_key: "KmsKey",
60
62
  # }
61
63
  #
62
64
  # @!attribute [rw] name
63
65
  # The name of the ledger that you want to create. The name must be
64
- # unique among all of your ledgers in the current AWS Region.
66
+ # unique among all of the ledgers in your account in the current
67
+ # Region.
65
68
  #
66
69
  # Naming constraints for ledger names are defined in [Quotas in Amazon
67
70
  # QLDB][1] in the *Amazon QLDB Developer Guide*.
@@ -79,7 +82,37 @@ module Aws::QLDB
79
82
  #
80
83
  # @!attribute [rw] permissions_mode
81
84
  # The permissions mode to assign to the ledger that you want to
82
- # create.
85
+ # create. This parameter can have one of the following values:
86
+ #
87
+ # * `ALLOW_ALL`\: A legacy permissions mode that enables access
88
+ # control with API-level granularity for ledgers.
89
+ #
90
+ # This mode allows users who have the `SendCommand` API permission
91
+ # for this ledger to run all PartiQL commands (hence, `ALLOW_ALL`)
92
+ # on any tables in the specified ledger. This mode disregards any
93
+ # table-level or command-level IAM permissions policies that you
94
+ # create for the ledger.
95
+ #
96
+ # * `STANDARD`\: (*Recommended*) A permissions mode that enables
97
+ # access control with finer granularity for ledgers, tables, and
98
+ # PartiQL commands.
99
+ #
100
+ # By default, this mode denies all user requests to run any PartiQL
101
+ # commands on any tables in this ledger. To allow PartiQL commands
102
+ # to run, you must create IAM permissions policies for specific
103
+ # table resources and PartiQL actions, in addition to the
104
+ # `SendCommand` API permission for the ledger. For information, see
105
+ # [Getting started with the standard permissions mode][1] in the
106
+ # *Amazon QLDB Developer Guide*.
107
+ #
108
+ # <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
109
+ # maximize the security of your ledger data.
110
+ #
111
+ # </note>
112
+ #
113
+ #
114
+ #
115
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
83
116
  # @return [String]
84
117
  #
85
118
  # @!attribute [rw] deletion_protection
@@ -88,20 +121,64 @@ module Aws::QLDB
88
121
  # default.
89
122
  #
90
123
  # If deletion protection is enabled, you must first disable it before
91
- # you can delete the ledger using the QLDB API or the AWS Command Line
92
- # Interface (AWS CLI). You can disable it by calling the
93
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
94
- # console disables deletion protection for you when you use it to
95
- # delete a ledger.
124
+ # you can delete the ledger. You can disable it by calling the
125
+ # `UpdateLedger` operation to set the flag to `false`.
96
126
  # @return [Boolean]
97
127
  #
128
+ # @!attribute [rw] kms_key
129
+ # The key in Key Management Service (KMS) to use for encryption of
130
+ # data at rest in the ledger. For more information, see [Encryption at
131
+ # rest][1] in the *Amazon QLDB Developer Guide*.
132
+ #
133
+ # Use one of the following options to specify this parameter:
134
+ #
135
+ # * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
136
+ # Amazon Web Services on your behalf.
137
+ #
138
+ # * **Undefined**\: By default, use an Amazon Web Services owned KMS
139
+ # key.
140
+ #
141
+ # * **A valid symmetric customer managed KMS key**\: Use the specified
142
+ # KMS key in your account that you create, own, and manage.
143
+ #
144
+ # Amazon QLDB does not support asymmetric keys. For more
145
+ # information, see [Using symmetric and asymmetric keys][2] in the
146
+ # *Key Management Service Developer Guide*.
147
+ #
148
+ # To specify a customer managed KMS key, you can use its key ID,
149
+ # Amazon Resource Name (ARN), alias name, or alias ARN. When using an
150
+ # alias name, prefix it with `"alias/"`. To specify a key in a
151
+ # different account, you must use the key ARN or alias ARN.
152
+ #
153
+ # For example:
154
+ #
155
+ # * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
156
+ #
157
+ # * Key ARN:
158
+ # `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
159
+ #
160
+ # * Alias name: `alias/ExampleAlias`
161
+ #
162
+ # * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
163
+ #
164
+ # For more information, see [Key identifiers (KeyId)][3] in the *Key
165
+ # Management Service Developer Guide*.
166
+ #
167
+ #
168
+ #
169
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
170
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
171
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
172
+ # @return [String]
173
+ #
98
174
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerRequest AWS API Documentation
99
175
  #
100
176
  class CreateLedgerRequest < Struct.new(
101
177
  :name,
102
178
  :tags,
103
179
  :permissions_mode,
104
- :deletion_protection)
180
+ :deletion_protection,
181
+ :kms_key)
105
182
  SENSITIVE = []
106
183
  include Aws::Structure
107
184
  end
@@ -124,19 +201,26 @@ module Aws::QLDB
124
201
  # 12:00:00 AM January 1, 1970 UTC.)
125
202
  # @return [Time]
126
203
  #
204
+ # @!attribute [rw] permissions_mode
205
+ # The permissions mode of the ledger that you created.
206
+ # @return [String]
207
+ #
127
208
  # @!attribute [rw] deletion_protection
128
209
  # The flag that prevents a ledger from being deleted by any user. If
129
210
  # not provided on ledger creation, this feature is enabled (`true`) by
130
211
  # default.
131
212
  #
132
213
  # If deletion protection is enabled, you must first disable it before
133
- # you can delete the ledger using the QLDB API or the AWS Command Line
134
- # Interface (AWS CLI). You can disable it by calling the
135
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
136
- # console disables deletion protection for you when you use it to
137
- # delete a ledger.
214
+ # you can delete the ledger. You can disable it by calling the
215
+ # `UpdateLedger` operation to set the flag to `false`.
138
216
  # @return [Boolean]
139
217
  #
218
+ # @!attribute [rw] kms_key_arn
219
+ # The ARN of the customer managed KMS key that the ledger uses for
220
+ # encryption at rest. If this parameter is undefined, the ledger uses
221
+ # an Amazon Web Services owned KMS key for encryption.
222
+ # @return [String]
223
+ #
140
224
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerResponse AWS API Documentation
141
225
  #
142
226
  class CreateLedgerResponse < Struct.new(
@@ -144,7 +228,9 @@ module Aws::QLDB
144
228
  :arn,
145
229
  :state,
146
230
  :creation_date_time,
147
- :deletion_protection)
231
+ :permissions_mode,
232
+ :deletion_protection,
233
+ :kms_key_arn)
148
234
  SENSITIVE = []
149
235
  include Aws::Structure
150
236
  end
@@ -181,7 +267,8 @@ module Aws::QLDB
181
267
  # @return [String]
182
268
  #
183
269
  # @!attribute [rw] stream_id
184
- # The unique ID that QLDB assigns to each QLDB journal stream.
270
+ # The UUID (represented in Base62-encoded text) of the QLDB journal
271
+ # stream to describe.
185
272
  # @return [String]
186
273
  #
187
274
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeJournalKinesisStreamRequest AWS API Documentation
@@ -219,7 +306,8 @@ module Aws::QLDB
219
306
  # @return [String]
220
307
  #
221
308
  # @!attribute [rw] export_id
222
- # The unique ID of the journal export job that you want to describe.
309
+ # The UUID (represented in Base62-encoded text) of the journal export
310
+ # job to describe.
223
311
  # @return [String]
224
312
  #
225
313
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeJournalS3ExportRequest AWS API Documentation
@@ -281,19 +369,26 @@ module Aws::QLDB
281
369
  # 12:00:00 AM January 1, 1970 UTC.)
282
370
  # @return [Time]
283
371
  #
372
+ # @!attribute [rw] permissions_mode
373
+ # The permissions mode of the ledger.
374
+ # @return [String]
375
+ #
284
376
  # @!attribute [rw] deletion_protection
285
377
  # The flag that prevents a ledger from being deleted by any user. If
286
378
  # not provided on ledger creation, this feature is enabled (`true`) by
287
379
  # default.
288
380
  #
289
381
  # If deletion protection is enabled, you must first disable it before
290
- # you can delete the ledger using the QLDB API or the AWS Command Line
291
- # Interface (AWS CLI). You can disable it by calling the
292
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
293
- # console disables deletion protection for you when you use it to
294
- # delete a ledger.
382
+ # you can delete the ledger. You can disable it by calling the
383
+ # `UpdateLedger` operation to set the flag to `false`.
295
384
  # @return [Boolean]
296
385
  #
386
+ # @!attribute [rw] encryption_description
387
+ # Information about the encryption of data at rest in the ledger. This
388
+ # includes the current status, the KMS key, and when the key became
389
+ # inaccessible (in the case of an error).
390
+ # @return [Types::LedgerEncryptionDescription]
391
+ #
297
392
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeLedgerResponse AWS API Documentation
298
393
  #
299
394
  class DescribeLedgerResponse < Struct.new(
@@ -301,7 +396,9 @@ module Aws::QLDB
301
396
  :arn,
302
397
  :state,
303
398
  :creation_date_time,
304
- :deletion_protection)
399
+ :permissions_mode,
400
+ :deletion_protection,
401
+ :encryption_description)
305
402
  SENSITIVE = []
306
403
  include Aws::Structure
307
404
  end
@@ -330,11 +427,11 @@ module Aws::QLDB
330
427
  #
331
428
  # @!attribute [rw] inclusive_start_time
332
429
  # The inclusive start date and time for the range of journal contents
333
- # that you want to export.
430
+ # to export.
334
431
  #
335
432
  # The `InclusiveStartTime` must be in `ISO 8601` date and time format
336
433
  # and in Universal Coordinated Time (UTC). For example:
337
- # `2019-06-13T21:36:34Z`
434
+ # `2019-06-13T21:36:34Z`.
338
435
  #
339
436
  # The `InclusiveStartTime` must be before `ExclusiveEndTime`.
340
437
  #
@@ -344,12 +441,12 @@ module Aws::QLDB
344
441
  # @return [Time]
345
442
  #
346
443
  # @!attribute [rw] exclusive_end_time
347
- # The exclusive end date and time for the range of journal contents
348
- # that you want to export.
444
+ # The exclusive end date and time for the range of journal contents to
445
+ # export.
349
446
  #
350
447
  # The `ExclusiveEndTime` must be in `ISO 8601` date and time format
351
448
  # and in Universal Coordinated Time (UTC). For example:
352
- # `2019-06-13T21:36:34Z`
449
+ # `2019-06-13T21:36:34Z`.
353
450
  #
354
451
  # The `ExclusiveEndTime` must be less than or equal to the current UTC
355
452
  # date and time.
@@ -367,9 +464,8 @@ module Aws::QLDB
367
464
  # * Write objects into your Amazon Simple Storage Service (Amazon S3)
368
465
  # bucket.
369
466
  #
370
- # * (Optional) Use your customer master key (CMK) in AWS Key
371
- # Management Service (AWS KMS) for server-side encryption of your
372
- # exported data.
467
+ # * (Optional) Use your customer master key (CMK) in Key Management
468
+ # Service (KMS) for server-side encryption of your exported data.
373
469
  # @return [String]
374
470
  #
375
471
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/ExportJournalToS3Request AWS API Documentation
@@ -385,7 +481,8 @@ module Aws::QLDB
385
481
  end
386
482
 
387
483
  # @!attribute [rw] export_id
388
- # The unique ID that QLDB assigns to each journal export job.
484
+ # The UUID (represented in Base62-encoded text) that QLDB assigns to
485
+ # each journal export job.
389
486
  #
390
487
  # To describe your export request and check the status of the job, you
391
488
  # can use `ExportId` to call `DescribeJournalS3Export`.
@@ -421,7 +518,7 @@ module Aws::QLDB
421
518
  # Amazon Ion structure that has two fields: `strandId` and
422
519
  # `sequenceNo`.
423
520
  #
424
- # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
521
+ # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
425
522
  # @return [Types::ValueHolder]
426
523
  #
427
524
  # @!attribute [rw] digest_tip_address
@@ -429,7 +526,7 @@ module Aws::QLDB
429
526
  # a proof. An address is an Amazon Ion structure that has two fields:
430
527
  # `strandId` and `sequenceNo`.
431
528
  #
432
- # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
529
+ # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
433
530
  # @return [Types::ValueHolder]
434
531
  #
435
532
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/GetBlockRequest AWS API Documentation
@@ -524,11 +621,12 @@ module Aws::QLDB
524
621
  # address is an Amazon Ion structure that has two fields: `strandId`
525
622
  # and `sequenceNo`.
526
623
  #
527
- # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
624
+ # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
528
625
  # @return [Types::ValueHolder]
529
626
  #
530
627
  # @!attribute [rw] document_id
531
- # The unique ID of the document to be verified.
628
+ # The UUID (represented in Base62-encoded text) of the document to be
629
+ # verified.
532
630
  # @return [String]
533
631
  #
534
632
  # @!attribute [rw] digest_tip_address
@@ -536,7 +634,7 @@ module Aws::QLDB
536
634
  # a proof. An address is an Amazon Ion structure that has two fields:
537
635
  # `strandId` and `sequenceNo`.
538
636
  #
539
- # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
637
+ # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
540
638
  # @return [Types::ValueHolder]
541
639
  #
542
640
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/GetRevisionRequest AWS API Documentation
@@ -588,9 +686,9 @@ module Aws::QLDB
588
686
  include Aws::Structure
589
687
  end
590
688
 
591
- # The information about an Amazon QLDB journal stream, including the
592
- # Amazon Resource Name (ARN), stream name, creation time, current
593
- # status, and the parameters of your original stream creation request.
689
+ # Information about an Amazon QLDB journal stream, including the Amazon
690
+ # Resource Name (ARN), stream name, creation time, current status, and
691
+ # the parameters of the original stream creation request.
594
692
  #
595
693
  # @!attribute [rw] ledger_name
596
694
  # The name of the ledger.
@@ -609,7 +707,7 @@ module Aws::QLDB
609
707
  #
610
708
  # @!attribute [rw] exclusive_end_time
611
709
  # The exclusive date and time that specifies when the stream ends. If
612
- # this parameter is blank, the stream runs indefinitely until you
710
+ # this parameter is undefined, the stream runs indefinitely until you
613
711
  # cancel it.
614
712
  # @return [Time]
615
713
  #
@@ -620,7 +718,8 @@ module Aws::QLDB
620
718
  # @return [String]
621
719
  #
622
720
  # @!attribute [rw] stream_id
623
- # The unique ID that QLDB assigns to each QLDB journal stream.
721
+ # The UUID (represented in Base62-encoded text) of the QLDB journal
722
+ # stream.
624
723
  # @return [String]
625
724
  #
626
725
  # @!attribute [rw] arn
@@ -633,7 +732,7 @@ module Aws::QLDB
633
732
  #
634
733
  # @!attribute [rw] kinesis_configuration
635
734
  # The configuration settings of the Amazon Kinesis Data Streams
636
- # destination for your QLDB journal stream.
735
+ # destination for a QLDB journal stream.
637
736
  # @return [Types::KinesisConfiguration]
638
737
  #
639
738
  # @!attribute [rw] error_cause
@@ -664,16 +763,17 @@ module Aws::QLDB
664
763
  include Aws::Structure
665
764
  end
666
765
 
667
- # The information about a journal export job, including the ledger name,
668
- # export ID, when it was created, current status, and its start and end
669
- # time export parameters.
766
+ # Information about a journal export job, including the ledger name,
767
+ # export ID, creation time, current status, and the parameters of the
768
+ # original export creation request.
670
769
  #
671
770
  # @!attribute [rw] ledger_name
672
771
  # The name of the ledger.
673
772
  # @return [String]
674
773
  #
675
774
  # @!attribute [rw] export_id
676
- # The unique ID of the journal export job.
775
+ # The UUID (represented in Base62-encoded text) of the journal export
776
+ # job.
677
777
  # @return [String]
678
778
  #
679
779
  # @!attribute [rw] export_creation_time
@@ -708,9 +808,8 @@ module Aws::QLDB
708
808
  # * Write objects into your Amazon Simple Storage Service (Amazon S3)
709
809
  # bucket.
710
810
  #
711
- # * (Optional) Use your customer master key (CMK) in AWS Key
712
- # Management Service (AWS KMS) for server-side encryption of your
713
- # exported data.
811
+ # * (Optional) Use your customer master key (CMK) in Key Management
812
+ # Service (KMS) for server-side encryption of your exported data.
714
813
  # @return [String]
715
814
  #
716
815
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/JournalS3ExportDescription AWS API Documentation
@@ -729,7 +828,7 @@ module Aws::QLDB
729
828
  end
730
829
 
731
830
  # The configuration settings of the Amazon Kinesis Data Streams
732
- # destination for your Amazon QLDB journal stream.
831
+ # destination for an Amazon QLDB journal stream.
733
832
  #
734
833
  # @note When making an API call, you may pass KinesisConfiguration
735
834
  # data as a hash:
@@ -740,17 +839,24 @@ module Aws::QLDB
740
839
  # }
741
840
  #
742
841
  # @!attribute [rw] stream_arn
743
- # The Amazon Resource Name (ARN) of the Kinesis data stream resource.
842
+ # The Amazon Resource Name (ARN) of the Kinesis Data Streams resource.
744
843
  # @return [String]
745
844
  #
746
845
  # @!attribute [rw] aggregation_enabled
747
846
  # Enables QLDB to publish multiple data records in a single Kinesis
748
- # Data Streams record. To learn more, see [KPL Key Concepts][1] in the
749
- # *Amazon Kinesis Data Streams Developer Guide*.
847
+ # Data Streams record, increasing the number of records sent per API
848
+ # call.
849
+ #
850
+ # *This option is enabled by default.* Record aggregation has
851
+ # important implications for processing records and requires
852
+ # de-aggregation in your stream consumer. To learn more, see [KPL Key
853
+ # Concepts][1] and [Consumer De-aggregation][2] in the *Amazon Kinesis
854
+ # Data Streams Developer Guide*.
750
855
  #
751
856
  #
752
857
  #
753
858
  # [1]: https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-concepts.html
859
+ # [2]: https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-consumer-deaggregation.html
754
860
  # @return [Boolean]
755
861
  #
756
862
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/KinesisConfiguration AWS API Documentation
@@ -762,6 +868,72 @@ module Aws::QLDB
762
868
  include Aws::Structure
763
869
  end
764
870
 
871
+ # Information about the encryption of data at rest in an Amazon QLDB
872
+ # ledger. This includes the current status, the key in Key Management
873
+ # Service (KMS), and when the key became inaccessible (in the case of an
874
+ # error).
875
+ #
876
+ # For more information, see [Encryption at rest][1] in the *Amazon QLDB
877
+ # Developer Guide*.
878
+ #
879
+ #
880
+ #
881
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
882
+ #
883
+ # @!attribute [rw] kms_key_arn
884
+ # The Amazon Resource Name (ARN) of the customer managed KMS key that
885
+ # the ledger uses for encryption at rest. If this parameter is
886
+ # undefined, the ledger uses an Amazon Web Services owned KMS key for
887
+ # encryption.
888
+ # @return [String]
889
+ #
890
+ # @!attribute [rw] encryption_status
891
+ # The current state of encryption at rest for the ledger. This can be
892
+ # one of the following values:
893
+ #
894
+ # * `ENABLED`\: Encryption is fully enabled using the specified key.
895
+ #
896
+ # * `UPDATING`\: The ledger is actively processing the specified key
897
+ # change.
898
+ #
899
+ # Key changes in QLDB are asynchronous. The ledger is fully
900
+ # accessible without any performance impact while the key change is
901
+ # being processed. The amount of time it takes to update a key
902
+ # varies depending on the ledger size.
903
+ #
904
+ # * `KMS_KEY_INACCESSIBLE`\: The specified customer managed KMS key is
905
+ # not accessible, and the ledger is impaired. Either the key was
906
+ # disabled or deleted, or the grants on the key were revoked. When a
907
+ # ledger is impaired, it is not accessible and does not accept any
908
+ # read or write requests.
909
+ #
910
+ # An impaired ledger automatically returns to an active state after
911
+ # you restore the grants on the key, or re-enable the key that was
912
+ # disabled. However, deleting a customer managed KMS key is
913
+ # irreversible. After a key is deleted, you can no longer access the
914
+ # ledgers that are protected with that key, and the data becomes
915
+ # unrecoverable permanently.
916
+ # @return [String]
917
+ #
918
+ # @!attribute [rw] inaccessible_kms_key_date_time
919
+ # The date and time, in epoch time format, when the KMS key first
920
+ # became inaccessible, in the case of an error. (Epoch time format is
921
+ # the number of seconds that have elapsed since 12:00:00 AM January 1,
922
+ # 1970 UTC.)
923
+ #
924
+ # This parameter is undefined if the KMS key is accessible.
925
+ # @return [Time]
926
+ #
927
+ # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/LedgerEncryptionDescription AWS API Documentation
928
+ #
929
+ class LedgerEncryptionDescription < Struct.new(
930
+ :kms_key_arn,
931
+ :encryption_status,
932
+ :inaccessible_kms_key_date_time)
933
+ SENSITIVE = []
934
+ include Aws::Structure
935
+ end
936
+
765
937
  # Information about a ledger, including its name, state, and when it was
766
938
  # created.
767
939
  #
@@ -957,7 +1129,7 @@ module Aws::QLDB
957
1129
 
958
1130
  # @!attribute [rw] journal_s3_exports
959
1131
  # The array of journal export job descriptions for all ledgers that
960
- # are associated with the current AWS account and Region.
1132
+ # are associated with the current account and Region.
961
1133
  # @return [Array<Types::JournalS3ExportDescription>]
962
1134
  #
963
1135
  # @!attribute [rw] next_token
@@ -1009,7 +1181,7 @@ module Aws::QLDB
1009
1181
 
1010
1182
  # @!attribute [rw] ledgers
1011
1183
  # The array of ledger summaries that are associated with the current
1012
- # AWS account and Region.
1184
+ # account and Region.
1013
1185
  # @return [Array<Types::LedgerSummary>]
1014
1186
  #
1015
1187
  # @!attribute [rw] next_token
@@ -1041,8 +1213,8 @@ module Aws::QLDB
1041
1213
  # }
1042
1214
  #
1043
1215
  # @!attribute [rw] resource_arn
1044
- # The Amazon Resource Name (ARN) for which you want to list the tags.
1045
- # For example:
1216
+ # The Amazon Resource Name (ARN) for which to list the tags. For
1217
+ # example:
1046
1218
  #
1047
1219
  # `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
1048
1220
  # @return [String]
@@ -1184,9 +1356,9 @@ module Aws::QLDB
1184
1356
  # @return [String]
1185
1357
  #
1186
1358
  # @!attribute [rw] kms_key_arn
1187
- # The Amazon Resource Name (ARN) for a symmetric customer master key
1188
- # (CMK) in AWS Key Management Service (AWS KMS). Amazon QLDB does not
1189
- # support asymmetric CMKs.
1359
+ # The Amazon Resource Name (ARN) of a symmetric customer master key
1360
+ # (CMK) in Key Management Service (KMS). Amazon S3 does not support
1361
+ # asymmetric CMKs.
1190
1362
  #
1191
1363
  # You must provide a `KmsKeyArn` if you specify `SSE_KMS` as the
1192
1364
  # `ObjectEncryptionType`.
@@ -1306,7 +1478,7 @@ module Aws::QLDB
1306
1478
  # The inclusive start date and time from which to start streaming
1307
1479
  # journal data. This parameter must be in `ISO 8601` date and time
1308
1480
  # format and in Universal Coordinated Time (UTC). For example:
1309
- # `2019-06-13T21:36:34Z`
1481
+ # `2019-06-13T21:36:34Z`.
1310
1482
  #
1311
1483
  # The `InclusiveStartTime` cannot be in the future and must be before
1312
1484
  # `ExclusiveEndTime`.
@@ -1323,7 +1495,7 @@ module Aws::QLDB
1323
1495
  #
1324
1496
  # The `ExclusiveEndTime` must be in `ISO 8601` date and time format
1325
1497
  # and in Universal Coordinated Time (UTC). For example:
1326
- # `2019-06-13T21:36:34Z`
1498
+ # `2019-06-13T21:36:34Z`.
1327
1499
  # @return [Time]
1328
1500
  #
1329
1501
  # @!attribute [rw] kinesis_configuration
@@ -1361,7 +1533,8 @@ module Aws::QLDB
1361
1533
  end
1362
1534
 
1363
1535
  # @!attribute [rw] stream_id
1364
- # The unique ID that QLDB assigns to each QLDB journal stream.
1536
+ # The UUID (represented in Base62-encoded text) that QLDB assigns to
1537
+ # each QLDB journal stream.
1365
1538
  # @return [String]
1366
1539
  #
1367
1540
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/StreamJournalToKinesisResponse AWS API Documentation
@@ -1418,14 +1591,14 @@ module Aws::QLDB
1418
1591
  # }
1419
1592
  #
1420
1593
  # @!attribute [rw] resource_arn
1421
- # The Amazon Resource Name (ARN) from which you want to remove the
1422
- # tags. For example:
1594
+ # The Amazon Resource Name (ARN) from which to remove the tags. For
1595
+ # example:
1423
1596
  #
1424
1597
  # `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
1425
1598
  # @return [String]
1426
1599
  #
1427
1600
  # @!attribute [rw] tag_keys
1428
- # The list of tag keys that you want to remove.
1601
+ # The list of tag keys to remove.
1429
1602
  # @return [Array<String>]
1430
1603
  #
1431
1604
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UntagResourceRequest AWS API Documentation
@@ -1441,12 +1614,91 @@ module Aws::QLDB
1441
1614
  #
1442
1615
  class UntagResourceResponse < Aws::EmptyStructure; end
1443
1616
 
1617
+ # @note When making an API call, you may pass UpdateLedgerPermissionsModeRequest
1618
+ # data as a hash:
1619
+ #
1620
+ # {
1621
+ # name: "LedgerName", # required
1622
+ # permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
1623
+ # }
1624
+ #
1625
+ # @!attribute [rw] name
1626
+ # The name of the ledger.
1627
+ # @return [String]
1628
+ #
1629
+ # @!attribute [rw] permissions_mode
1630
+ # The permissions mode to assign to the ledger. This parameter can
1631
+ # have one of the following values:
1632
+ #
1633
+ # * `ALLOW_ALL`\: A legacy permissions mode that enables access
1634
+ # control with API-level granularity for ledgers.
1635
+ #
1636
+ # This mode allows users who have the `SendCommand` API permission
1637
+ # for this ledger to run all PartiQL commands (hence, `ALLOW_ALL`)
1638
+ # on any tables in the specified ledger. This mode disregards any
1639
+ # table-level or command-level IAM permissions policies that you
1640
+ # create for the ledger.
1641
+ #
1642
+ # * `STANDARD`\: (*Recommended*) A permissions mode that enables
1643
+ # access control with finer granularity for ledgers, tables, and
1644
+ # PartiQL commands.
1645
+ #
1646
+ # By default, this mode denies all user requests to run any PartiQL
1647
+ # commands on any tables in this ledger. To allow PartiQL commands
1648
+ # to run, you must create IAM permissions policies for specific
1649
+ # table resources and PartiQL actions, in addition to the
1650
+ # `SendCommand` API permission for the ledger. For information, see
1651
+ # [Getting started with the standard permissions mode][1] in the
1652
+ # *Amazon QLDB Developer Guide*.
1653
+ #
1654
+ # <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
1655
+ # maximize the security of your ledger data.
1656
+ #
1657
+ # </note>
1658
+ #
1659
+ #
1660
+ #
1661
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
1662
+ # @return [String]
1663
+ #
1664
+ # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsModeRequest AWS API Documentation
1665
+ #
1666
+ class UpdateLedgerPermissionsModeRequest < Struct.new(
1667
+ :name,
1668
+ :permissions_mode)
1669
+ SENSITIVE = []
1670
+ include Aws::Structure
1671
+ end
1672
+
1673
+ # @!attribute [rw] name
1674
+ # The name of the ledger.
1675
+ # @return [String]
1676
+ #
1677
+ # @!attribute [rw] arn
1678
+ # The Amazon Resource Name (ARN) for the ledger.
1679
+ # @return [String]
1680
+ #
1681
+ # @!attribute [rw] permissions_mode
1682
+ # The current permissions mode of the ledger.
1683
+ # @return [String]
1684
+ #
1685
+ # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsModeResponse AWS API Documentation
1686
+ #
1687
+ class UpdateLedgerPermissionsModeResponse < Struct.new(
1688
+ :name,
1689
+ :arn,
1690
+ :permissions_mode)
1691
+ SENSITIVE = []
1692
+ include Aws::Structure
1693
+ end
1694
+
1444
1695
  # @note When making an API call, you may pass UpdateLedgerRequest
1445
1696
  # data as a hash:
1446
1697
  #
1447
1698
  # {
1448
1699
  # name: "LedgerName", # required
1449
1700
  # deletion_protection: false,
1701
+ # kms_key: "KmsKey",
1450
1702
  # }
1451
1703
  #
1452
1704
  # @!attribute [rw] name
@@ -1459,18 +1711,61 @@ module Aws::QLDB
1459
1711
  # default.
1460
1712
  #
1461
1713
  # If deletion protection is enabled, you must first disable it before
1462
- # you can delete the ledger using the QLDB API or the AWS Command Line
1463
- # Interface (AWS CLI). You can disable it by calling the
1464
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
1465
- # console disables deletion protection for you when you use it to
1466
- # delete a ledger.
1714
+ # you can delete the ledger. You can disable it by calling the
1715
+ # `UpdateLedger` operation to set the flag to `false`.
1467
1716
  # @return [Boolean]
1468
1717
  #
1718
+ # @!attribute [rw] kms_key
1719
+ # The key in Key Management Service (KMS) to use for encryption of
1720
+ # data at rest in the ledger. For more information, see [Encryption at
1721
+ # rest][1] in the *Amazon QLDB Developer Guide*.
1722
+ #
1723
+ # Use one of the following options to specify this parameter:
1724
+ #
1725
+ # * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
1726
+ # Amazon Web Services on your behalf.
1727
+ #
1728
+ # * **Undefined**\: Make no changes to the KMS key of the ledger.
1729
+ #
1730
+ # * **A valid symmetric customer managed KMS key**\: Use the specified
1731
+ # KMS key in your account that you create, own, and manage.
1732
+ #
1733
+ # Amazon QLDB does not support asymmetric keys. For more
1734
+ # information, see [Using symmetric and asymmetric keys][2] in the
1735
+ # *Key Management Service Developer Guide*.
1736
+ #
1737
+ # To specify a customer managed KMS key, you can use its key ID,
1738
+ # Amazon Resource Name (ARN), alias name, or alias ARN. When using an
1739
+ # alias name, prefix it with `"alias/"`. To specify a key in a
1740
+ # different account, you must use the key ARN or alias ARN.
1741
+ #
1742
+ # For example:
1743
+ #
1744
+ # * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
1745
+ #
1746
+ # * Key ARN:
1747
+ # `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
1748
+ #
1749
+ # * Alias name: `alias/ExampleAlias`
1750
+ #
1751
+ # * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
1752
+ #
1753
+ # For more information, see [Key identifiers (KeyId)][3] in the *Key
1754
+ # Management Service Developer Guide*.
1755
+ #
1756
+ #
1757
+ #
1758
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
1759
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
1760
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
1761
+ # @return [String]
1762
+ #
1469
1763
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerRequest AWS API Documentation
1470
1764
  #
1471
1765
  class UpdateLedgerRequest < Struct.new(
1472
1766
  :name,
1473
- :deletion_protection)
1767
+ :deletion_protection,
1768
+ :kms_key)
1474
1769
  SENSITIVE = []
1475
1770
  include Aws::Structure
1476
1771
  end
@@ -1499,13 +1794,16 @@ module Aws::QLDB
1499
1794
  # default.
1500
1795
  #
1501
1796
  # If deletion protection is enabled, you must first disable it before
1502
- # you can delete the ledger using the QLDB API or the AWS Command Line
1503
- # Interface (AWS CLI). You can disable it by calling the
1504
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
1505
- # console disables deletion protection for you when you use it to
1506
- # delete a ledger.
1797
+ # you can delete the ledger. You can disable it by calling the
1798
+ # `UpdateLedger` operation to set the flag to `false`.
1507
1799
  # @return [Boolean]
1508
1800
  #
1801
+ # @!attribute [rw] encryption_description
1802
+ # Information about the encryption of data at rest in the ledger. This
1803
+ # includes the current status, the KMS key, and when the key became
1804
+ # inaccessible (in the case of an error).
1805
+ # @return [Types::LedgerEncryptionDescription]
1806
+ #
1509
1807
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerResponse AWS API Documentation
1510
1808
  #
1511
1809
  class UpdateLedgerResponse < Struct.new(
@@ -1513,7 +1811,8 @@ module Aws::QLDB
1513
1811
  :arn,
1514
1812
  :state,
1515
1813
  :creation_date_time,
1516
- :deletion_protection)
1814
+ :deletion_protection,
1815
+ :encryption_description)
1517
1816
  SENSITIVE = []
1518
1817
  include Aws::Structure
1519
1818
  end