aws-sdk-qldb 1.14.0 → 1.18.0

data/lib/aws-sdk-qldb/client_api.rb

@@ -28,6 +28,7 @@ module Aws::QLDB
     DescribeLedgerRequest = Shapes::StructureShape.new(name: 'DescribeLedgerRequest')
     DescribeLedgerResponse = Shapes::StructureShape.new(name: 'DescribeLedgerResponse')
     Digest = Shapes::BlobShape.new(name: 'Digest')
+    EncryptionStatus = Shapes::StringShape.new(name: 'EncryptionStatus')
     ErrorCause = Shapes::StringShape.new(name: 'ErrorCause')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     ExportJournalToS3Request = Shapes::StructureShape.new(name: 'ExportJournalToS3Request')
@@ -46,6 +47,8 @@ module Aws::QLDB
     JournalS3ExportDescription = Shapes::StructureShape.new(name: 'JournalS3ExportDescription')
     JournalS3ExportList = Shapes::ListShape.new(name: 'JournalS3ExportList')
     KinesisConfiguration = Shapes::StructureShape.new(name: 'KinesisConfiguration')
+    KmsKey = Shapes::StringShape.new(name: 'KmsKey')
+    LedgerEncryptionDescription = Shapes::StructureShape.new(name: 'LedgerEncryptionDescription')
     LedgerList = Shapes::ListShape.new(name: 'LedgerList')
     LedgerName = Shapes::StringShape.new(name: 'LedgerName')
     LedgerState = Shapes::StringShape.new(name: 'LedgerState')
@@ -107,6 +110,7 @@ module Aws::QLDB
     CreateLedgerRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     CreateLedgerRequest.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, required: true, location_name: "PermissionsMode"))
     CreateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    CreateLedgerRequest.add_member(:kms_key, Shapes::ShapeRef.new(shape: KmsKey, location_name: "KmsKey"))
     CreateLedgerRequest.struct_class = Types::CreateLedgerRequest
 
     CreateLedgerResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -115,6 +119,7 @@ module Aws::QLDB
     CreateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
     CreateLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
     CreateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    CreateLedgerResponse.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "KmsKeyArn"))
     CreateLedgerResponse.struct_class = Types::CreateLedgerResponse
 
     DeleteLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
@@ -143,6 +148,7 @@ module Aws::QLDB
     DescribeLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
     DescribeLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
     DescribeLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    DescribeLedgerResponse.add_member(:encryption_description, Shapes::ShapeRef.new(shape: LedgerEncryptionDescription, location_name: "EncryptionDescription"))
     DescribeLedgerResponse.struct_class = Types::DescribeLedgerResponse
 
     ExportJournalToS3Request.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
@@ -216,6 +222,11 @@ module Aws::QLDB
     KinesisConfiguration.add_member(:aggregation_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "AggregationEnabled"))
     KinesisConfiguration.struct_class = Types::KinesisConfiguration
 
+    LedgerEncryptionDescription.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "KmsKeyArn"))
+    LedgerEncryptionDescription.add_member(:encryption_status, Shapes::ShapeRef.new(shape: EncryptionStatus, required: true, location_name: "EncryptionStatus"))
+    LedgerEncryptionDescription.add_member(:inaccessible_kms_key_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "InaccessibleKmsKeyDateTime"))
+    LedgerEncryptionDescription.struct_class = Types::LedgerEncryptionDescription
+
     LedgerList.member = Shapes::ShapeRef.new(shape: LedgerSummary)
 
     LedgerSummary.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -336,6 +347,7 @@ module Aws::QLDB
 
     UpdateLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
     UpdateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    UpdateLedgerRequest.add_member(:kms_key, Shapes::ShapeRef.new(shape: KmsKey, location_name: "KmsKey"))
     UpdateLedgerRequest.struct_class = Types::UpdateLedgerRequest
 
     UpdateLedgerResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -343,6 +355,7 @@ module Aws::QLDB
     UpdateLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
     UpdateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
     UpdateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    UpdateLedgerResponse.add_member(:encryption_description, Shapes::ShapeRef.new(shape: LedgerEncryptionDescription, location_name: "EncryptionDescription"))
     UpdateLedgerResponse.struct_class = Types::UpdateLedgerResponse
 
     ValueHolder.add_member(:ion_text, Shapes::ShapeRef.new(shape: IonText, location_name: "IonText"))

data/lib/aws-sdk-qldb/types.rb

@@ -23,7 +23,8 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) of the QLDB journal
+    #   stream to be canceled.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CancelJournalKinesisStreamRequest AWS API Documentation
@@ -36,7 +37,7 @@ module Aws::QLDB
     end
 
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (Base62-encoded text) of the canceled QLDB journal stream.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CancelJournalKinesisStreamResponse AWS API Documentation
@@ -57,11 +58,13 @@ module Aws::QLDB
     #         },
     #         permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
     #         deletion_protection: false,
+    #         kms_key: "KmsKey",
     #       }
     #
     # @!attribute [rw] name
     #   The name of the ledger that you want to create. The name must be
-    #   unique among all of your ledgers in the current AWS Region.
+    #   unique among all of the ledgers in your account in the current
+    #   Region.
     #
     #   Naming constraints for ledger names are defined in [Quotas in Amazon
     #   QLDB][1] in the *Amazon QLDB Developer Guide*.
@@ -84,9 +87,9 @@ module Aws::QLDB
     #   * `ALLOW_ALL`\: A legacy permissions mode that enables access
     #     control with API-level granularity for ledgers.
     #
-    #     This mode allows users who have `SendCommand` permissions for this
-    #     ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
-    #     tables in the specified ledger. This mode disregards any
+    #     This mode allows users who have the `SendCommand` API permission
+    #     for this ledger to run all PartiQL commands (hence, `ALLOW_ALL`)
+    #     on any tables in the specified ledger. This mode disregards any
     #     table-level or command-level IAM permissions policies that you
     #     create for the ledger.
     #
@@ -97,13 +100,19 @@ module Aws::QLDB
     #     By default, this mode denies all user requests to run any PartiQL
     #     commands on any tables in this ledger. To allow PartiQL commands
     #     to run, you must create IAM permissions policies for specific
-    #     table resources and PartiQL actions, in addition to `SendCommand`
-    #     API permissions for the ledger.
+    #     table resources and PartiQL actions, in addition to the
+    #     `SendCommand` API permission for the ledger. For information, see
+    #     [Getting started with the standard permissions mode][1] in the
+    #     *Amazon QLDB Developer Guide*.
     #
     #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
     #   maximize the security of your ledger data.
     #
     #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
     #   @return [String]
     #
     # @!attribute [rw] deletion_protection
@@ -112,20 +121,64 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] kms_key
+    #   The key in Key Management Service (KMS) to use for encryption of
+    #   data at rest in the ledger. For more information, see [Encryption at
+    #   rest][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #   Use one of the following options to specify this parameter:
+    #
+    #   * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
+    #     Amazon Web Services on your behalf.
+    #
+    #   * **Undefined**\: By default, use an Amazon Web Services owned KMS
+    #     key.
+    #
+    #   * **A valid symmetric customer managed KMS key**\: Use the specified
+    #     KMS key in your account that you create, own, and manage.
+    #
+    #     Amazon QLDB does not support asymmetric keys. For more
+    #     information, see [Using symmetric and asymmetric keys][2] in the
+    #     *Key Management Service Developer Guide*.
+    #
+    #   To specify a customer managed KMS key, you can use its key ID,
+    #   Amazon Resource Name (ARN), alias name, or alias ARN. When using an
+    #   alias name, prefix it with `"alias/"`. To specify a key in a
+    #   different account, you must use the key ARN or alias ARN.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Alias name: `alias/ExampleAlias`
+    #
+    #   * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+    #
+    #   For more information, see [Key identifiers (KeyId)][3] in the *Key
+    #   Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerRequest AWS API Documentation
     #
     class CreateLedgerRequest < Struct.new(
       :name,
       :tags,
       :permissions_mode,
-      :deletion_protection)
+      :deletion_protection,
+      :kms_key)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -158,13 +211,16 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] kms_key_arn
+    #   The ARN of the customer managed KMS key that the ledger uses for
+    #   encryption at rest. If this parameter is undefined, the ledger uses
+    #   an Amazon Web Services owned KMS key for encryption.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerResponse AWS API Documentation
     #
     class CreateLedgerResponse < Struct.new(
@@ -173,7 +229,8 @@ module Aws::QLDB
       :state,
       :creation_date_time,
       :permissions_mode,
-      :deletion_protection)
+      :deletion_protection,
+      :kms_key_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -210,7 +267,8 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) of the QLDB journal
+    #   stream to describe.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeJournalKinesisStreamRequest AWS API Documentation
@@ -248,7 +306,8 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] export_id
-    #   The unique ID of the journal export job that you want to describe.
+    #   The UUID (represented in Base62-encoded text) of the journal export
+    #   job to describe.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeJournalS3ExportRequest AWS API Documentation
@@ -320,13 +379,16 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] encryption_description
+    #   Information about the encryption of data at rest in the ledger. This
+    #   includes the current status, the KMS key, and when the key became
+    #   inaccessible (in the case of an error).
+    #   @return [Types::LedgerEncryptionDescription]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeLedgerResponse AWS API Documentation
     #
     class DescribeLedgerResponse < Struct.new(
@@ -335,7 +397,8 @@ module Aws::QLDB
       :state,
       :creation_date_time,
       :permissions_mode,
-      :deletion_protection)
+      :deletion_protection,
+      :encryption_description)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -364,11 +427,11 @@ module Aws::QLDB
     #
     # @!attribute [rw] inclusive_start_time
     #   The inclusive start date and time for the range of journal contents
-    #   that you want to export.
+    #   to export.
     #
     #   The `InclusiveStartTime` must be in `ISO 8601` date and time format
     #   and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `InclusiveStartTime` must be before `ExclusiveEndTime`.
     #
@@ -378,12 +441,12 @@ module Aws::QLDB
     #   @return [Time]
     #
     # @!attribute [rw] exclusive_end_time
-    #   The exclusive end date and time for the range of journal contents
-    #   that you want to export.
+    #   The exclusive end date and time for the range of journal contents to
+    #   export.
     #
     #   The `ExclusiveEndTime` must be in `ISO 8601` date and time format
     #   and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `ExclusiveEndTime` must be less than or equal to the current UTC
     #   date and time.
@@ -401,9 +464,8 @@ module Aws::QLDB
     #   * Write objects into your Amazon Simple Storage Service (Amazon S3)
     #     bucket.
     #
-    #   * (Optional) Use your customer master key (CMK) in AWS Key
-    #     Management Service (AWS KMS) for server-side encryption of your
-    #     exported data.
+    #   * (Optional) Use your customer master key (CMK) in Key Management
+    #     Service (KMS) for server-side encryption of your exported data.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/ExportJournalToS3Request AWS API Documentation
@@ -419,7 +481,8 @@ module Aws::QLDB
     end
 
     # @!attribute [rw] export_id
-    #   The unique ID that QLDB assigns to each journal export job.
+    #   The UUID (represented in Base62-encoded text) that QLDB assigns to
+    #   each journal export job.
     #
     #   To describe your export request and check the status of the job, you
     #   can use `ExportId` to call `DescribeJournalS3Export`.
@@ -455,7 +518,7 @@ module Aws::QLDB
     #   Amazon Ion structure that has two fields: `strandId` and
     #   `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
     #   @return [Types::ValueHolder]
     #
     # @!attribute [rw] digest_tip_address
@@ -463,7 +526,7 @@ module Aws::QLDB
     #   a proof. An address is an Amazon Ion structure that has two fields:
     #   `strandId` and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
     #   @return [Types::ValueHolder]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/GetBlockRequest AWS API Documentation
@@ -558,11 +621,12 @@ module Aws::QLDB
     #   address is an Amazon Ion structure that has two fields: `strandId`
     #   and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
     #   @return [Types::ValueHolder]
     #
     # @!attribute [rw] document_id
-    #   The unique ID of the document to be verified.
+    #   The UUID (represented in Base62-encoded text) of the document to be
+    #   verified.
     #   @return [String]
     #
     # @!attribute [rw] digest_tip_address
@@ -570,7 +634,7 @@ module Aws::QLDB
     #   a proof. An address is an Amazon Ion structure that has two fields:
     #   `strandId` and `sequenceNo`.
     #
-    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
+    #   For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
     #   @return [Types::ValueHolder]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/GetRevisionRequest AWS API Documentation
@@ -622,9 +686,9 @@ module Aws::QLDB
       include Aws::Structure
     end
 
-    # The information about an Amazon QLDB journal stream, including the
-    # Amazon Resource Name (ARN), stream name, creation time, current
-    # status, and the parameters of your original stream creation request.
+    # Information about an Amazon QLDB journal stream, including the Amazon
+    # Resource Name (ARN), stream name, creation time, current status, and
+    # the parameters of the original stream creation request.
     #
     # @!attribute [rw] ledger_name
     #   The name of the ledger.
@@ -643,7 +707,7 @@ module Aws::QLDB
     #
     # @!attribute [rw] exclusive_end_time
     #   The exclusive date and time that specifies when the stream ends. If
-    #   this parameter is blank, the stream runs indefinitely until you
+    #   this parameter is undefined, the stream runs indefinitely until you
     #   cancel it.
     #   @return [Time]
     #
@@ -654,7 +718,8 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) of the QLDB journal
+    #   stream.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -667,7 +732,7 @@ module Aws::QLDB
     #
     # @!attribute [rw] kinesis_configuration
     #   The configuration settings of the Amazon Kinesis Data Streams
-    #   destination for your QLDB journal stream.
+    #   destination for a QLDB journal stream.
     #   @return [Types::KinesisConfiguration]
     #
     # @!attribute [rw] error_cause
@@ -698,16 +763,17 @@ module Aws::QLDB
       include Aws::Structure
     end
 
-    # The information about a journal export job, including the ledger name,
-    # export ID, when it was created, current status, and its start and end
-    # time export parameters.
+    # Information about a journal export job, including the ledger name,
+    # export ID, creation time, current status, and the parameters of the
+    # original export creation request.
     #
     # @!attribute [rw] ledger_name
     #   The name of the ledger.
     #   @return [String]
     #
     # @!attribute [rw] export_id
-    #   The unique ID of the journal export job.
+    #   The UUID (represented in Base62-encoded text) of the journal export
+    #   job.
     #   @return [String]
     #
     # @!attribute [rw] export_creation_time
@@ -742,9 +808,8 @@ module Aws::QLDB
     #   * Write objects into your Amazon Simple Storage Service (Amazon S3)
     #     bucket.
     #
-    #   * (Optional) Use your customer master key (CMK) in AWS Key
-    #     Management Service (AWS KMS) for server-side encryption of your
-    #     exported data.
+    #   * (Optional) Use your customer master key (CMK) in Key Management
+    #     Service (KMS) for server-side encryption of your exported data.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/JournalS3ExportDescription AWS API Documentation
@@ -763,7 +828,7 @@ module Aws::QLDB
     end
 
     # The configuration settings of the Amazon Kinesis Data Streams
-    # destination for your Amazon QLDB journal stream.
+    # destination for an Amazon QLDB journal stream.
     #
     # @note When making an API call, you may pass KinesisConfiguration
     #   data as a hash:
@@ -774,17 +839,24 @@ module Aws::QLDB
     #       }
     #
     # @!attribute [rw] stream_arn
-    #   The Amazon Resource Name (ARN) of the Kinesis data stream resource.
+    #   The Amazon Resource Name (ARN) of the Kinesis Data Streams resource.
     #   @return [String]
     #
     # @!attribute [rw] aggregation_enabled
     #   Enables QLDB to publish multiple data records in a single Kinesis
-    #   Data Streams record. To learn more, see [KPL Key Concepts][1] in the
-    #   *Amazon Kinesis Data Streams Developer Guide*.
+    #   Data Streams record, increasing the number of records sent per API
+    #   call.
+    #
+    #   *This option is enabled by default.* Record aggregation has
+    #   important implications for processing records and requires
+    #   de-aggregation in your stream consumer. To learn more, see [KPL Key
+    #   Concepts][1] and [Consumer De-aggregation][2] in the *Amazon Kinesis
+    #   Data Streams Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-concepts.html
+    #   [2]: https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-consumer-deaggregation.html
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/KinesisConfiguration AWS API Documentation
@@ -796,6 +868,72 @@ module Aws::QLDB
       include Aws::Structure
     end
 
+    # Information about the encryption of data at rest in an Amazon QLDB
+    # ledger. This includes the current status, the key in Key Management
+    # Service (KMS), and when the key became inaccessible (in the case of an
+    # error).
+    #
+    # For more information, see [Encryption at rest][1] in the *Amazon QLDB
+    # Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The Amazon Resource Name (ARN) of the customer managed KMS key that
+    #   the ledger uses for encryption at rest. If this parameter is
+    #   undefined, the ledger uses an Amazon Web Services owned KMS key for
+    #   encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_status
+    #   The current state of encryption at rest for the ledger. This can be
+    #   one of the following values:
+    #
+    #   * `ENABLED`\: Encryption is fully enabled using the specified key.
+    #
+    #   * `UPDATING`\: The ledger is actively processing the specified key
+    #     change.
+    #
+    #     Key changes in QLDB are asynchronous. The ledger is fully
+    #     accessible without any performance impact while the key change is
+    #     being processed. The amount of time it takes to update a key
+    #     varies depending on the ledger size.
+    #
+    #   * `KMS_KEY_INACCESSIBLE`\: The specified customer managed KMS key is
+    #     not accessible, and the ledger is impaired. Either the key was
+    #     disabled or deleted, or the grants on the key were revoked. When a
+    #     ledger is impaired, it is not accessible and does not accept any
+    #     read or write requests.
+    #
+    #     An impaired ledger automatically returns to an active state after
+    #     you restore the grants on the key, or re-enable the key that was
+    #     disabled. However, deleting a customer managed KMS key is
+    #     irreversible. After a key is deleted, you can no longer access the
+    #     ledgers that are protected with that key, and the data becomes
+    #     unrecoverable permanently.
+    #   @return [String]
+    #
+    # @!attribute [rw] inaccessible_kms_key_date_time
+    #   The date and time, in epoch time format, when the KMS key first
+    #   became inaccessible, in the case of an error. (Epoch time format is
+    #   the number of seconds that have elapsed since 12:00:00 AM January 1,
+    #   1970 UTC.)
+    #
+    #   This parameter is undefined if the KMS key is accessible.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/LedgerEncryptionDescription AWS API Documentation
+    #
+    class LedgerEncryptionDescription < Struct.new(
+      :kms_key_arn,
+      :encryption_status,
+      :inaccessible_kms_key_date_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about a ledger, including its name, state, and when it was
     # created.
     #
@@ -991,7 +1129,7 @@ module Aws::QLDB
 
     # @!attribute [rw] journal_s3_exports
     #   The array of journal export job descriptions for all ledgers that
-    #   are associated with the current AWS account and Region.
+    #   are associated with the current account and Region.
     #   @return [Array<Types::JournalS3ExportDescription>]
     #
     # @!attribute [rw] next_token
@@ -1043,7 +1181,7 @@ module Aws::QLDB
 
     # @!attribute [rw] ledgers
     #   The array of ledger summaries that are associated with the current
-    #   AWS account and Region.
+    #   account and Region.
     #   @return [Array<Types::LedgerSummary>]
     #
     # @!attribute [rw] next_token
@@ -1075,8 +1213,8 @@ module Aws::QLDB
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) for which you want to list the tags.
-    #   For example:
+    #   The Amazon Resource Name (ARN) for which to list the tags. For
+    #   example:
     #
     #   `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
     #   @return [String]
@@ -1218,9 +1356,9 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] kms_key_arn
-    #   The Amazon Resource Name (ARN) for a symmetric customer master key
-    #   (CMK) in AWS Key Management Service (AWS KMS). Amazon QLDB does not
-    #   support asymmetric CMKs.
+    #   The Amazon Resource Name (ARN) of a symmetric customer master key
+    #   (CMK) in Key Management Service (KMS). Amazon S3 does not support
+    #   asymmetric CMKs.
     #
     #   You must provide a `KmsKeyArn` if you specify `SSE_KMS` as the
     #   `ObjectEncryptionType`.
@@ -1340,7 +1478,7 @@ module Aws::QLDB
     #   The inclusive start date and time from which to start streaming
     #   journal data. This parameter must be in `ISO 8601` date and time
     #   format and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #
     #   The `InclusiveStartTime` cannot be in the future and must be before
     #   `ExclusiveEndTime`.
@@ -1357,7 +1495,7 @@ module Aws::QLDB
     #
     #   The `ExclusiveEndTime` must be in `ISO 8601` date and time format
     #   and in Universal Coordinated Time (UTC). For example:
-    #   `2019-06-13T21:36:34Z`
+    #   `2019-06-13T21:36:34Z`.
     #   @return [Time]
     #
     # @!attribute [rw] kinesis_configuration
@@ -1395,7 +1533,8 @@ module Aws::QLDB
     end
 
     # @!attribute [rw] stream_id
-    #   The unique ID that QLDB assigns to each QLDB journal stream.
+    #   The UUID (represented in Base62-encoded text) that QLDB assigns to
+    #   each QLDB journal stream.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/StreamJournalToKinesisResponse AWS API Documentation
@@ -1452,14 +1591,14 @@ module Aws::QLDB
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) from which you want to remove the
-    #   tags. For example:
+    #   The Amazon Resource Name (ARN) from which to remove the tags. For
+    #   example:
     #
     #   `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
-    #   The list of tag keys that you want to remove.
+    #   The list of tag keys to remove.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UntagResourceRequest AWS API Documentation
@@ -1494,9 +1633,9 @@ module Aws::QLDB
     #   * `ALLOW_ALL`\: A legacy permissions mode that enables access
     #     control with API-level granularity for ledgers.
     #
-    #     This mode allows users who have `SendCommand` permissions for this
-    #     ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
-    #     tables in the specified ledger. This mode disregards any
+    #     This mode allows users who have the `SendCommand` API permission
+    #     for this ledger to run all PartiQL commands (hence, `ALLOW_ALL`)
+    #     on any tables in the specified ledger. This mode disregards any
     #     table-level or command-level IAM permissions policies that you
     #     create for the ledger.
     #
@@ -1507,13 +1646,19 @@ module Aws::QLDB
     #     By default, this mode denies all user requests to run any PartiQL
     #     commands on any tables in this ledger. To allow PartiQL commands
     #     to run, you must create IAM permissions policies for specific
-    #     table resources and PartiQL actions, in addition to `SendCommand`
-    #     API permissions for the ledger.
+    #     table resources and PartiQL actions, in addition to the
+    #     `SendCommand` API permission for the ledger. For information, see
+    #     [Getting started with the standard permissions mode][1] in the
+    #     *Amazon QLDB Developer Guide*.
     #
     #   <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
     #   maximize the security of your ledger data.
     #
     #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsModeRequest AWS API Documentation
@@ -1553,6 +1698,7 @@ module Aws::QLDB
     #       {
     #         name: "LedgerName", # required
     #         deletion_protection: false,
+    #         kms_key: "KmsKey",
     #       }
     #
     # @!attribute [rw] name
@@ -1565,18 +1711,61 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] kms_key
+    #   The key in Key Management Service (KMS) to use for encryption of
+    #   data at rest in the ledger. For more information, see [Encryption at
+    #   rest][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #   Use one of the following options to specify this parameter:
+    #
+    #   * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
+    #     Amazon Web Services on your behalf.
+    #
+    #   * **Undefined**\: Make no changes to the KMS key of the ledger.
+    #
+    #   * **A valid symmetric customer managed KMS key**\: Use the specified
+    #     KMS key in your account that you create, own, and manage.
+    #
+    #     Amazon QLDB does not support asymmetric keys. For more
+    #     information, see [Using symmetric and asymmetric keys][2] in the
+    #     *Key Management Service Developer Guide*.
+    #
+    #   To specify a customer managed KMS key, you can use its key ID,
+    #   Amazon Resource Name (ARN), alias name, or alias ARN. When using an
+    #   alias name, prefix it with `"alias/"`. To specify a key in a
+    #   different account, you must use the key ARN or alias ARN.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Alias name: `alias/ExampleAlias`
+    #
+    #   * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+    #
+    #   For more information, see [Key identifiers (KeyId)][3] in the *Key
+    #   Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerRequest AWS API Documentation
     #
     class UpdateLedgerRequest < Struct.new(
       :name,
-      :deletion_protection)
+      :deletion_protection,
+      :kms_key)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1605,13 +1794,16 @@ module Aws::QLDB
     #   default.
     #
     #   If deletion protection is enabled, you must first disable it before
-    #   you can delete the ledger using the QLDB API or the AWS Command Line
-    #   Interface (AWS CLI). You can disable it by calling the
-    #   `UpdateLedger` operation to set the flag to `false`. The QLDB
-    #   console disables deletion protection for you when you use it to
-    #   delete a ledger.
+    #   you can delete the ledger. You can disable it by calling the
+    #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] encryption_description
+    #   Information about the encryption of data at rest in the ledger. This
+    #   includes the current status, the KMS key, and when the key became
+    #   inaccessible (in the case of an error).
+    #   @return [Types::LedgerEncryptionDescription]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerResponse AWS API Documentation
     #
     class UpdateLedgerResponse < Struct.new(
@@ -1619,7 +1811,8 @@ module Aws::QLDB
       :arn,
       :state,
       :creation_date_time,
-      :deletion_protection)
+      :deletion_protection,
+      :encryption_description)
       SENSITIVE = []
       include Aws::Structure
     end