aws-sdk-qldb 1.14.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -28,6 +28,7 @@ module Aws::QLDB
28
28
  DescribeLedgerRequest = Shapes::StructureShape.new(name: 'DescribeLedgerRequest')
29
29
  DescribeLedgerResponse = Shapes::StructureShape.new(name: 'DescribeLedgerResponse')
30
30
  Digest = Shapes::BlobShape.new(name: 'Digest')
31
+ EncryptionStatus = Shapes::StringShape.new(name: 'EncryptionStatus')
31
32
  ErrorCause = Shapes::StringShape.new(name: 'ErrorCause')
32
33
  ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
33
34
  ExportJournalToS3Request = Shapes::StructureShape.new(name: 'ExportJournalToS3Request')
@@ -46,6 +47,8 @@ module Aws::QLDB
46
47
  JournalS3ExportDescription = Shapes::StructureShape.new(name: 'JournalS3ExportDescription')
47
48
  JournalS3ExportList = Shapes::ListShape.new(name: 'JournalS3ExportList')
48
49
  KinesisConfiguration = Shapes::StructureShape.new(name: 'KinesisConfiguration')
50
+ KmsKey = Shapes::StringShape.new(name: 'KmsKey')
51
+ LedgerEncryptionDescription = Shapes::StructureShape.new(name: 'LedgerEncryptionDescription')
49
52
  LedgerList = Shapes::ListShape.new(name: 'LedgerList')
50
53
  LedgerName = Shapes::StringShape.new(name: 'LedgerName')
51
54
  LedgerState = Shapes::StringShape.new(name: 'LedgerState')
@@ -107,6 +110,7 @@ module Aws::QLDB
107
110
  CreateLedgerRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
108
111
  CreateLedgerRequest.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, required: true, location_name: "PermissionsMode"))
109
112
  CreateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
113
+ CreateLedgerRequest.add_member(:kms_key, Shapes::ShapeRef.new(shape: KmsKey, location_name: "KmsKey"))
110
114
  CreateLedgerRequest.struct_class = Types::CreateLedgerRequest
111
115
 
112
116
  CreateLedgerResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -115,6 +119,7 @@ module Aws::QLDB
115
119
  CreateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
116
120
  CreateLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
117
121
  CreateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
122
+ CreateLedgerResponse.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "KmsKeyArn"))
118
123
  CreateLedgerResponse.struct_class = Types::CreateLedgerResponse
119
124
 
120
125
  DeleteLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
@@ -143,6 +148,7 @@ module Aws::QLDB
143
148
  DescribeLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
144
149
  DescribeLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
145
150
  DescribeLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
151
+ DescribeLedgerResponse.add_member(:encryption_description, Shapes::ShapeRef.new(shape: LedgerEncryptionDescription, location_name: "EncryptionDescription"))
146
152
  DescribeLedgerResponse.struct_class = Types::DescribeLedgerResponse
147
153
 
148
154
  ExportJournalToS3Request.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
@@ -216,6 +222,11 @@ module Aws::QLDB
216
222
  KinesisConfiguration.add_member(:aggregation_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "AggregationEnabled"))
217
223
  KinesisConfiguration.struct_class = Types::KinesisConfiguration
218
224
 
225
+ LedgerEncryptionDescription.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "KmsKeyArn"))
226
+ LedgerEncryptionDescription.add_member(:encryption_status, Shapes::ShapeRef.new(shape: EncryptionStatus, required: true, location_name: "EncryptionStatus"))
227
+ LedgerEncryptionDescription.add_member(:inaccessible_kms_key_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "InaccessibleKmsKeyDateTime"))
228
+ LedgerEncryptionDescription.struct_class = Types::LedgerEncryptionDescription
229
+
219
230
  LedgerList.member = Shapes::ShapeRef.new(shape: LedgerSummary)
220
231
 
221
232
  LedgerSummary.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -336,6 +347,7 @@ module Aws::QLDB
336
347
 
337
348
  UpdateLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
338
349
  UpdateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
350
+ UpdateLedgerRequest.add_member(:kms_key, Shapes::ShapeRef.new(shape: KmsKey, location_name: "KmsKey"))
339
351
  UpdateLedgerRequest.struct_class = Types::UpdateLedgerRequest
340
352
 
341
353
  UpdateLedgerResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -343,6 +355,7 @@ module Aws::QLDB
343
355
  UpdateLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
344
356
  UpdateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
345
357
  UpdateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
358
+ UpdateLedgerResponse.add_member(:encryption_description, Shapes::ShapeRef.new(shape: LedgerEncryptionDescription, location_name: "EncryptionDescription"))
346
359
  UpdateLedgerResponse.struct_class = Types::UpdateLedgerResponse
347
360
 
348
361
  ValueHolder.add_member(:ion_text, Shapes::ShapeRef.new(shape: IonText, location_name: "IonText"))
@@ -23,7 +23,8 @@ module Aws::QLDB
23
23
  # @return [String]
24
24
  #
25
25
  # @!attribute [rw] stream_id
26
- # The unique ID that QLDB assigns to each QLDB journal stream.
26
+ # The UUID (represented in Base62-encoded text) of the QLDB journal
27
+ # stream to be canceled.
27
28
  # @return [String]
28
29
  #
29
30
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CancelJournalKinesisStreamRequest AWS API Documentation
@@ -36,7 +37,7 @@ module Aws::QLDB
36
37
  end
37
38
 
38
39
  # @!attribute [rw] stream_id
39
- # The unique ID that QLDB assigns to each QLDB journal stream.
40
+ # The UUID (Base62-encoded text) of the canceled QLDB journal stream.
40
41
  # @return [String]
41
42
  #
42
43
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CancelJournalKinesisStreamResponse AWS API Documentation
@@ -57,11 +58,13 @@ module Aws::QLDB
57
58
  # },
58
59
  # permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
59
60
  # deletion_protection: false,
61
+ # kms_key: "KmsKey",
60
62
  # }
61
63
  #
62
64
  # @!attribute [rw] name
63
65
  # The name of the ledger that you want to create. The name must be
64
- # unique among all of your ledgers in the current AWS Region.
66
+ # unique among all of the ledgers in your account in the current
67
+ # Region.
65
68
  #
66
69
  # Naming constraints for ledger names are defined in [Quotas in Amazon
67
70
  # QLDB][1] in the *Amazon QLDB Developer Guide*.
@@ -84,9 +87,9 @@ module Aws::QLDB
84
87
  # * `ALLOW_ALL`\: A legacy permissions mode that enables access
85
88
  # control with API-level granularity for ledgers.
86
89
  #
87
- # This mode allows users who have `SendCommand` permissions for this
88
- # ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
89
- # tables in the specified ledger. This mode disregards any
90
+ # This mode allows users who have the `SendCommand` API permission
91
+ # for this ledger to run all PartiQL commands (hence, `ALLOW_ALL`)
92
+ # on any tables in the specified ledger. This mode disregards any
90
93
  # table-level or command-level IAM permissions policies that you
91
94
  # create for the ledger.
92
95
  #
@@ -97,13 +100,19 @@ module Aws::QLDB
97
100
  # By default, this mode denies all user requests to run any PartiQL
98
101
  # commands on any tables in this ledger. To allow PartiQL commands
99
102
  # to run, you must create IAM permissions policies for specific
100
- # table resources and PartiQL actions, in addition to `SendCommand`
101
- # API permissions for the ledger.
103
+ # table resources and PartiQL actions, in addition to the
104
+ # `SendCommand` API permission for the ledger. For information, see
105
+ # [Getting started with the standard permissions mode][1] in the
106
+ # *Amazon QLDB Developer Guide*.
102
107
  #
103
108
  # <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
104
109
  # maximize the security of your ledger data.
105
110
  #
106
111
  # </note>
112
+ #
113
+ #
114
+ #
115
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
107
116
  # @return [String]
108
117
  #
109
118
  # @!attribute [rw] deletion_protection
@@ -112,20 +121,64 @@ module Aws::QLDB
112
121
  # default.
113
122
  #
114
123
  # If deletion protection is enabled, you must first disable it before
115
- # you can delete the ledger using the QLDB API or the AWS Command Line
116
- # Interface (AWS CLI). You can disable it by calling the
117
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
118
- # console disables deletion protection for you when you use it to
119
- # delete a ledger.
124
+ # you can delete the ledger. You can disable it by calling the
125
+ # `UpdateLedger` operation to set the flag to `false`.
120
126
  # @return [Boolean]
121
127
  #
128
+ # @!attribute [rw] kms_key
129
+ # The key in Key Management Service (KMS) to use for encryption of
130
+ # data at rest in the ledger. For more information, see [Encryption at
131
+ # rest][1] in the *Amazon QLDB Developer Guide*.
132
+ #
133
+ # Use one of the following options to specify this parameter:
134
+ #
135
+ # * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
136
+ # Amazon Web Services on your behalf.
137
+ #
138
+ # * **Undefined**\: By default, use an Amazon Web Services owned KMS
139
+ # key.
140
+ #
141
+ # * **A valid symmetric customer managed KMS key**\: Use the specified
142
+ # KMS key in your account that you create, own, and manage.
143
+ #
144
+ # Amazon QLDB does not support asymmetric keys. For more
145
+ # information, see [Using symmetric and asymmetric keys][2] in the
146
+ # *Key Management Service Developer Guide*.
147
+ #
148
+ # To specify a customer managed KMS key, you can use its key ID,
149
+ # Amazon Resource Name (ARN), alias name, or alias ARN. When using an
150
+ # alias name, prefix it with `"alias/"`. To specify a key in a
151
+ # different account, you must use the key ARN or alias ARN.
152
+ #
153
+ # For example:
154
+ #
155
+ # * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
156
+ #
157
+ # * Key ARN:
158
+ # `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
159
+ #
160
+ # * Alias name: `alias/ExampleAlias`
161
+ #
162
+ # * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
163
+ #
164
+ # For more information, see [Key identifiers (KeyId)][3] in the *Key
165
+ # Management Service Developer Guide*.
166
+ #
167
+ #
168
+ #
169
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
170
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
171
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
172
+ # @return [String]
173
+ #
122
174
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerRequest AWS API Documentation
123
175
  #
124
176
  class CreateLedgerRequest < Struct.new(
125
177
  :name,
126
178
  :tags,
127
179
  :permissions_mode,
128
- :deletion_protection)
180
+ :deletion_protection,
181
+ :kms_key)
129
182
  SENSITIVE = []
130
183
  include Aws::Structure
131
184
  end
@@ -158,13 +211,16 @@ module Aws::QLDB
158
211
  # default.
159
212
  #
160
213
  # If deletion protection is enabled, you must first disable it before
161
- # you can delete the ledger using the QLDB API or the AWS Command Line
162
- # Interface (AWS CLI). You can disable it by calling the
163
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
164
- # console disables deletion protection for you when you use it to
165
- # delete a ledger.
214
+ # you can delete the ledger. You can disable it by calling the
215
+ # `UpdateLedger` operation to set the flag to `false`.
166
216
  # @return [Boolean]
167
217
  #
218
+ # @!attribute [rw] kms_key_arn
219
+ # The ARN of the customer managed KMS key that the ledger uses for
220
+ # encryption at rest. If this parameter is undefined, the ledger uses
221
+ # an Amazon Web Services owned KMS key for encryption.
222
+ # @return [String]
223
+ #
168
224
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerResponse AWS API Documentation
169
225
  #
170
226
  class CreateLedgerResponse < Struct.new(
@@ -173,7 +229,8 @@ module Aws::QLDB
173
229
  :state,
174
230
  :creation_date_time,
175
231
  :permissions_mode,
176
- :deletion_protection)
232
+ :deletion_protection,
233
+ :kms_key_arn)
177
234
  SENSITIVE = []
178
235
  include Aws::Structure
179
236
  end
@@ -210,7 +267,8 @@ module Aws::QLDB
210
267
  # @return [String]
211
268
  #
212
269
  # @!attribute [rw] stream_id
213
- # The unique ID that QLDB assigns to each QLDB journal stream.
270
+ # The UUID (represented in Base62-encoded text) of the QLDB journal
271
+ # stream to describe.
214
272
  # @return [String]
215
273
  #
216
274
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeJournalKinesisStreamRequest AWS API Documentation
@@ -248,7 +306,8 @@ module Aws::QLDB
248
306
  # @return [String]
249
307
  #
250
308
  # @!attribute [rw] export_id
251
- # The unique ID of the journal export job that you want to describe.
309
+ # The UUID (represented in Base62-encoded text) of the journal export
310
+ # job to describe.
252
311
  # @return [String]
253
312
  #
254
313
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeJournalS3ExportRequest AWS API Documentation
@@ -320,13 +379,16 @@ module Aws::QLDB
320
379
  # default.
321
380
  #
322
381
  # If deletion protection is enabled, you must first disable it before
323
- # you can delete the ledger using the QLDB API or the AWS Command Line
324
- # Interface (AWS CLI). You can disable it by calling the
325
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
326
- # console disables deletion protection for you when you use it to
327
- # delete a ledger.
382
+ # you can delete the ledger. You can disable it by calling the
383
+ # `UpdateLedger` operation to set the flag to `false`.
328
384
  # @return [Boolean]
329
385
  #
386
+ # @!attribute [rw] encryption_description
387
+ # Information about the encryption of data at rest in the ledger. This
388
+ # includes the current status, the KMS key, and when the key became
389
+ # inaccessible (in the case of an error).
390
+ # @return [Types::LedgerEncryptionDescription]
391
+ #
330
392
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeLedgerResponse AWS API Documentation
331
393
  #
332
394
  class DescribeLedgerResponse < Struct.new(
@@ -335,7 +397,8 @@ module Aws::QLDB
335
397
  :state,
336
398
  :creation_date_time,
337
399
  :permissions_mode,
338
- :deletion_protection)
400
+ :deletion_protection,
401
+ :encryption_description)
339
402
  SENSITIVE = []
340
403
  include Aws::Structure
341
404
  end
@@ -364,11 +427,11 @@ module Aws::QLDB
364
427
  #
365
428
  # @!attribute [rw] inclusive_start_time
366
429
  # The inclusive start date and time for the range of journal contents
367
- # that you want to export.
430
+ # to export.
368
431
  #
369
432
  # The `InclusiveStartTime` must be in `ISO 8601` date and time format
370
433
  # and in Universal Coordinated Time (UTC). For example:
371
- # `2019-06-13T21:36:34Z`
434
+ # `2019-06-13T21:36:34Z`.
372
435
  #
373
436
  # The `InclusiveStartTime` must be before `ExclusiveEndTime`.
374
437
  #
@@ -378,12 +441,12 @@ module Aws::QLDB
378
441
  # @return [Time]
379
442
  #
380
443
  # @!attribute [rw] exclusive_end_time
381
- # The exclusive end date and time for the range of journal contents
382
- # that you want to export.
444
+ # The exclusive end date and time for the range of journal contents to
445
+ # export.
383
446
  #
384
447
  # The `ExclusiveEndTime` must be in `ISO 8601` date and time format
385
448
  # and in Universal Coordinated Time (UTC). For example:
386
- # `2019-06-13T21:36:34Z`
449
+ # `2019-06-13T21:36:34Z`.
387
450
  #
388
451
  # The `ExclusiveEndTime` must be less than or equal to the current UTC
389
452
  # date and time.
@@ -401,9 +464,8 @@ module Aws::QLDB
401
464
  # * Write objects into your Amazon Simple Storage Service (Amazon S3)
402
465
  # bucket.
403
466
  #
404
- # * (Optional) Use your customer master key (CMK) in AWS Key
405
- # Management Service (AWS KMS) for server-side encryption of your
406
- # exported data.
467
+ # * (Optional) Use your customer master key (CMK) in Key Management
468
+ # Service (KMS) for server-side encryption of your exported data.
407
469
  # @return [String]
408
470
  #
409
471
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/ExportJournalToS3Request AWS API Documentation
@@ -419,7 +481,8 @@ module Aws::QLDB
419
481
  end
420
482
 
421
483
  # @!attribute [rw] export_id
422
- # The unique ID that QLDB assigns to each journal export job.
484
+ # The UUID (represented in Base62-encoded text) that QLDB assigns to
485
+ # each journal export job.
423
486
  #
424
487
  # To describe your export request and check the status of the job, you
425
488
  # can use `ExportId` to call `DescribeJournalS3Export`.
@@ -455,7 +518,7 @@ module Aws::QLDB
455
518
  # Amazon Ion structure that has two fields: `strandId` and
456
519
  # `sequenceNo`.
457
520
  #
458
- # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
521
+ # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
459
522
  # @return [Types::ValueHolder]
460
523
  #
461
524
  # @!attribute [rw] digest_tip_address
@@ -463,7 +526,7 @@ module Aws::QLDB
463
526
  # a proof. An address is an Amazon Ion structure that has two fields:
464
527
  # `strandId` and `sequenceNo`.
465
528
  #
466
- # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
529
+ # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
467
530
  # @return [Types::ValueHolder]
468
531
  #
469
532
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/GetBlockRequest AWS API Documentation
@@ -558,11 +621,12 @@ module Aws::QLDB
558
621
  # address is an Amazon Ion structure that has two fields: `strandId`
559
622
  # and `sequenceNo`.
560
623
  #
561
- # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`
624
+ # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:14\}`.
562
625
  # @return [Types::ValueHolder]
563
626
  #
564
627
  # @!attribute [rw] document_id
565
- # The unique ID of the document to be verified.
628
+ # The UUID (represented in Base62-encoded text) of the document to be
629
+ # verified.
566
630
  # @return [String]
567
631
  #
568
632
  # @!attribute [rw] digest_tip_address
@@ -570,7 +634,7 @@ module Aws::QLDB
570
634
  # a proof. An address is an Amazon Ion structure that has two fields:
571
635
  # `strandId` and `sequenceNo`.
572
636
  #
573
- # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`
637
+ # For example: `\{strandId:"BlFTjlSXze9BIh1KOszcE3",sequenceNo:49\}`.
574
638
  # @return [Types::ValueHolder]
575
639
  #
576
640
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/GetRevisionRequest AWS API Documentation
@@ -622,9 +686,9 @@ module Aws::QLDB
622
686
  include Aws::Structure
623
687
  end
624
688
 
625
- # The information about an Amazon QLDB journal stream, including the
626
- # Amazon Resource Name (ARN), stream name, creation time, current
627
- # status, and the parameters of your original stream creation request.
689
+ # Information about an Amazon QLDB journal stream, including the Amazon
690
+ # Resource Name (ARN), stream name, creation time, current status, and
691
+ # the parameters of the original stream creation request.
628
692
  #
629
693
  # @!attribute [rw] ledger_name
630
694
  # The name of the ledger.
@@ -643,7 +707,7 @@ module Aws::QLDB
643
707
  #
644
708
  # @!attribute [rw] exclusive_end_time
645
709
  # The exclusive date and time that specifies when the stream ends. If
646
- # this parameter is blank, the stream runs indefinitely until you
710
+ # this parameter is undefined, the stream runs indefinitely until you
647
711
  # cancel it.
648
712
  # @return [Time]
649
713
  #
@@ -654,7 +718,8 @@ module Aws::QLDB
654
718
  # @return [String]
655
719
  #
656
720
  # @!attribute [rw] stream_id
657
- # The unique ID that QLDB assigns to each QLDB journal stream.
721
+ # The UUID (represented in Base62-encoded text) of the QLDB journal
722
+ # stream.
658
723
  # @return [String]
659
724
  #
660
725
  # @!attribute [rw] arn
@@ -667,7 +732,7 @@ module Aws::QLDB
667
732
  #
668
733
  # @!attribute [rw] kinesis_configuration
669
734
  # The configuration settings of the Amazon Kinesis Data Streams
670
- # destination for your QLDB journal stream.
735
+ # destination for a QLDB journal stream.
671
736
  # @return [Types::KinesisConfiguration]
672
737
  #
673
738
  # @!attribute [rw] error_cause
@@ -698,16 +763,17 @@ module Aws::QLDB
698
763
  include Aws::Structure
699
764
  end
700
765
 
701
- # The information about a journal export job, including the ledger name,
702
- # export ID, when it was created, current status, and its start and end
703
- # time export parameters.
766
+ # Information about a journal export job, including the ledger name,
767
+ # export ID, creation time, current status, and the parameters of the
768
+ # original export creation request.
704
769
  #
705
770
  # @!attribute [rw] ledger_name
706
771
  # The name of the ledger.
707
772
  # @return [String]
708
773
  #
709
774
  # @!attribute [rw] export_id
710
- # The unique ID of the journal export job.
775
+ # The UUID (represented in Base62-encoded text) of the journal export
776
+ # job.
711
777
  # @return [String]
712
778
  #
713
779
  # @!attribute [rw] export_creation_time
@@ -742,9 +808,8 @@ module Aws::QLDB
742
808
  # * Write objects into your Amazon Simple Storage Service (Amazon S3)
743
809
  # bucket.
744
810
  #
745
- # * (Optional) Use your customer master key (CMK) in AWS Key
746
- # Management Service (AWS KMS) for server-side encryption of your
747
- # exported data.
811
+ # * (Optional) Use your customer master key (CMK) in Key Management
812
+ # Service (KMS) for server-side encryption of your exported data.
748
813
  # @return [String]
749
814
  #
750
815
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/JournalS3ExportDescription AWS API Documentation
@@ -763,7 +828,7 @@ module Aws::QLDB
763
828
  end
764
829
 
765
830
  # The configuration settings of the Amazon Kinesis Data Streams
766
- # destination for your Amazon QLDB journal stream.
831
+ # destination for an Amazon QLDB journal stream.
767
832
  #
768
833
  # @note When making an API call, you may pass KinesisConfiguration
769
834
  # data as a hash:
@@ -774,17 +839,24 @@ module Aws::QLDB
774
839
  # }
775
840
  #
776
841
  # @!attribute [rw] stream_arn
777
- # The Amazon Resource Name (ARN) of the Kinesis data stream resource.
842
+ # The Amazon Resource Name (ARN) of the Kinesis Data Streams resource.
778
843
  # @return [String]
779
844
  #
780
845
  # @!attribute [rw] aggregation_enabled
781
846
  # Enables QLDB to publish multiple data records in a single Kinesis
782
- # Data Streams record. To learn more, see [KPL Key Concepts][1] in the
783
- # *Amazon Kinesis Data Streams Developer Guide*.
847
+ # Data Streams record, increasing the number of records sent per API
848
+ # call.
849
+ #
850
+ # *This option is enabled by default.* Record aggregation has
851
+ # important implications for processing records and requires
852
+ # de-aggregation in your stream consumer. To learn more, see [KPL Key
853
+ # Concepts][1] and [Consumer De-aggregation][2] in the *Amazon Kinesis
854
+ # Data Streams Developer Guide*.
784
855
  #
785
856
  #
786
857
  #
787
858
  # [1]: https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-concepts.html
859
+ # [2]: https://docs.aws.amazon.com/streams/latest/dev/kinesis-kpl-consumer-deaggregation.html
788
860
  # @return [Boolean]
789
861
  #
790
862
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/KinesisConfiguration AWS API Documentation
@@ -796,6 +868,72 @@ module Aws::QLDB
796
868
  include Aws::Structure
797
869
  end
798
870
 
871
+ # Information about the encryption of data at rest in an Amazon QLDB
872
+ # ledger. This includes the current status, the key in Key Management
873
+ # Service (KMS), and when the key became inaccessible (in the case of an
874
+ # error).
875
+ #
876
+ # For more information, see [Encryption at rest][1] in the *Amazon QLDB
877
+ # Developer Guide*.
878
+ #
879
+ #
880
+ #
881
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
882
+ #
883
+ # @!attribute [rw] kms_key_arn
884
+ # The Amazon Resource Name (ARN) of the customer managed KMS key that
885
+ # the ledger uses for encryption at rest. If this parameter is
886
+ # undefined, the ledger uses an Amazon Web Services owned KMS key for
887
+ # encryption.
888
+ # @return [String]
889
+ #
890
+ # @!attribute [rw] encryption_status
891
+ # The current state of encryption at rest for the ledger. This can be
892
+ # one of the following values:
893
+ #
894
+ # * `ENABLED`\: Encryption is fully enabled using the specified key.
895
+ #
896
+ # * `UPDATING`\: The ledger is actively processing the specified key
897
+ # change.
898
+ #
899
+ # Key changes in QLDB are asynchronous. The ledger is fully
900
+ # accessible without any performance impact while the key change is
901
+ # being processed. The amount of time it takes to update a key
902
+ # varies depending on the ledger size.
903
+ #
904
+ # * `KMS_KEY_INACCESSIBLE`\: The specified customer managed KMS key is
905
+ # not accessible, and the ledger is impaired. Either the key was
906
+ # disabled or deleted, or the grants on the key were revoked. When a
907
+ # ledger is impaired, it is not accessible and does not accept any
908
+ # read or write requests.
909
+ #
910
+ # An impaired ledger automatically returns to an active state after
911
+ # you restore the grants on the key, or re-enable the key that was
912
+ # disabled. However, deleting a customer managed KMS key is
913
+ # irreversible. After a key is deleted, you can no longer access the
914
+ # ledgers that are protected with that key, and the data becomes
915
+ # unrecoverable permanently.
916
+ # @return [String]
917
+ #
918
+ # @!attribute [rw] inaccessible_kms_key_date_time
919
+ # The date and time, in epoch time format, when the KMS key first
920
+ # became inaccessible, in the case of an error. (Epoch time format is
921
+ # the number of seconds that have elapsed since 12:00:00 AM January 1,
922
+ # 1970 UTC.)
923
+ #
924
+ # This parameter is undefined if the KMS key is accessible.
925
+ # @return [Time]
926
+ #
927
+ # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/LedgerEncryptionDescription AWS API Documentation
928
+ #
929
+ class LedgerEncryptionDescription < Struct.new(
930
+ :kms_key_arn,
931
+ :encryption_status,
932
+ :inaccessible_kms_key_date_time)
933
+ SENSITIVE = []
934
+ include Aws::Structure
935
+ end
936
+
799
937
  # Information about a ledger, including its name, state, and when it was
800
938
  # created.
801
939
  #
@@ -991,7 +1129,7 @@ module Aws::QLDB
991
1129
 
992
1130
  # @!attribute [rw] journal_s3_exports
993
1131
  # The array of journal export job descriptions for all ledgers that
994
- # are associated with the current AWS account and Region.
1132
+ # are associated with the current account and Region.
995
1133
  # @return [Array<Types::JournalS3ExportDescription>]
996
1134
  #
997
1135
  # @!attribute [rw] next_token
@@ -1043,7 +1181,7 @@ module Aws::QLDB
1043
1181
 
1044
1182
  # @!attribute [rw] ledgers
1045
1183
  # The array of ledger summaries that are associated with the current
1046
- # AWS account and Region.
1184
+ # account and Region.
1047
1185
  # @return [Array<Types::LedgerSummary>]
1048
1186
  #
1049
1187
  # @!attribute [rw] next_token
@@ -1075,8 +1213,8 @@ module Aws::QLDB
1075
1213
  # }
1076
1214
  #
1077
1215
  # @!attribute [rw] resource_arn
1078
- # The Amazon Resource Name (ARN) for which you want to list the tags.
1079
- # For example:
1216
+ # The Amazon Resource Name (ARN) for which to list the tags. For
1217
+ # example:
1080
1218
  #
1081
1219
  # `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
1082
1220
  # @return [String]
@@ -1218,9 +1356,9 @@ module Aws::QLDB
1218
1356
  # @return [String]
1219
1357
  #
1220
1358
  # @!attribute [rw] kms_key_arn
1221
- # The Amazon Resource Name (ARN) for a symmetric customer master key
1222
- # (CMK) in AWS Key Management Service (AWS KMS). Amazon QLDB does not
1223
- # support asymmetric CMKs.
1359
+ # The Amazon Resource Name (ARN) of a symmetric customer master key
1360
+ # (CMK) in Key Management Service (KMS). Amazon S3 does not support
1361
+ # asymmetric CMKs.
1224
1362
  #
1225
1363
  # You must provide a `KmsKeyArn` if you specify `SSE_KMS` as the
1226
1364
  # `ObjectEncryptionType`.
@@ -1340,7 +1478,7 @@ module Aws::QLDB
1340
1478
  # The inclusive start date and time from which to start streaming
1341
1479
  # journal data. This parameter must be in `ISO 8601` date and time
1342
1480
  # format and in Universal Coordinated Time (UTC). For example:
1343
- # `2019-06-13T21:36:34Z`
1481
+ # `2019-06-13T21:36:34Z`.
1344
1482
  #
1345
1483
  # The `InclusiveStartTime` cannot be in the future and must be before
1346
1484
  # `ExclusiveEndTime`.
@@ -1357,7 +1495,7 @@ module Aws::QLDB
1357
1495
  #
1358
1496
  # The `ExclusiveEndTime` must be in `ISO 8601` date and time format
1359
1497
  # and in Universal Coordinated Time (UTC). For example:
1360
- # `2019-06-13T21:36:34Z`
1498
+ # `2019-06-13T21:36:34Z`.
1361
1499
  # @return [Time]
1362
1500
  #
1363
1501
  # @!attribute [rw] kinesis_configuration
@@ -1395,7 +1533,8 @@ module Aws::QLDB
1395
1533
  end
1396
1534
 
1397
1535
  # @!attribute [rw] stream_id
1398
- # The unique ID that QLDB assigns to each QLDB journal stream.
1536
+ # The UUID (represented in Base62-encoded text) that QLDB assigns to
1537
+ # each QLDB journal stream.
1399
1538
  # @return [String]
1400
1539
  #
1401
1540
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/StreamJournalToKinesisResponse AWS API Documentation
@@ -1452,14 +1591,14 @@ module Aws::QLDB
1452
1591
  # }
1453
1592
  #
1454
1593
  # @!attribute [rw] resource_arn
1455
- # The Amazon Resource Name (ARN) from which you want to remove the
1456
- # tags. For example:
1594
+ # The Amazon Resource Name (ARN) from which to remove the tags. For
1595
+ # example:
1457
1596
  #
1458
1597
  # `arn:aws:qldb:us-east-1:123456789012:ledger/exampleLedger`
1459
1598
  # @return [String]
1460
1599
  #
1461
1600
  # @!attribute [rw] tag_keys
1462
- # The list of tag keys that you want to remove.
1601
+ # The list of tag keys to remove.
1463
1602
  # @return [Array<String>]
1464
1603
  #
1465
1604
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UntagResourceRequest AWS API Documentation
@@ -1494,9 +1633,9 @@ module Aws::QLDB
1494
1633
  # * `ALLOW_ALL`\: A legacy permissions mode that enables access
1495
1634
  # control with API-level granularity for ledgers.
1496
1635
  #
1497
- # This mode allows users who have `SendCommand` permissions for this
1498
- # ledger to run all PartiQL commands (hence, `ALLOW_ALL`) on any
1499
- # tables in the specified ledger. This mode disregards any
1636
+ # This mode allows users who have the `SendCommand` API permission
1637
+ # for this ledger to run all PartiQL commands (hence, `ALLOW_ALL`)
1638
+ # on any tables in the specified ledger. This mode disregards any
1500
1639
  # table-level or command-level IAM permissions policies that you
1501
1640
  # create for the ledger.
1502
1641
  #
@@ -1507,13 +1646,19 @@ module Aws::QLDB
1507
1646
  # By default, this mode denies all user requests to run any PartiQL
1508
1647
  # commands on any tables in this ledger. To allow PartiQL commands
1509
1648
  # to run, you must create IAM permissions policies for specific
1510
- # table resources and PartiQL actions, in addition to `SendCommand`
1511
- # API permissions for the ledger.
1649
+ # table resources and PartiQL actions, in addition to the
1650
+ # `SendCommand` API permission for the ledger. For information, see
1651
+ # [Getting started with the standard permissions mode][1] in the
1652
+ # *Amazon QLDB Developer Guide*.
1512
1653
  #
1513
1654
  # <note markdown="1"> We strongly recommend using the `STANDARD` permissions mode to
1514
1655
  # maximize the security of your ledger data.
1515
1656
  #
1516
1657
  # </note>
1658
+ #
1659
+ #
1660
+ #
1661
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html
1517
1662
  # @return [String]
1518
1663
  #
1519
1664
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerPermissionsModeRequest AWS API Documentation
@@ -1553,6 +1698,7 @@ module Aws::QLDB
1553
1698
  # {
1554
1699
  # name: "LedgerName", # required
1555
1700
  # deletion_protection: false,
1701
+ # kms_key: "KmsKey",
1556
1702
  # }
1557
1703
  #
1558
1704
  # @!attribute [rw] name
@@ -1565,18 +1711,61 @@ module Aws::QLDB
1565
1711
  # default.
1566
1712
  #
1567
1713
  # If deletion protection is enabled, you must first disable it before
1568
- # you can delete the ledger using the QLDB API or the AWS Command Line
1569
- # Interface (AWS CLI). You can disable it by calling the
1570
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
1571
- # console disables deletion protection for you when you use it to
1572
- # delete a ledger.
1714
+ # you can delete the ledger. You can disable it by calling the
1715
+ # `UpdateLedger` operation to set the flag to `false`.
1573
1716
  # @return [Boolean]
1574
1717
  #
1718
+ # @!attribute [rw] kms_key
1719
+ # The key in Key Management Service (KMS) to use for encryption of
1720
+ # data at rest in the ledger. For more information, see [Encryption at
1721
+ # rest][1] in the *Amazon QLDB Developer Guide*.
1722
+ #
1723
+ # Use one of the following options to specify this parameter:
1724
+ #
1725
+ # * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
1726
+ # Amazon Web Services on your behalf.
1727
+ #
1728
+ # * **Undefined**\: Make no changes to the KMS key of the ledger.
1729
+ #
1730
+ # * **A valid symmetric customer managed KMS key**\: Use the specified
1731
+ # KMS key in your account that you create, own, and manage.
1732
+ #
1733
+ # Amazon QLDB does not support asymmetric keys. For more
1734
+ # information, see [Using symmetric and asymmetric keys][2] in the
1735
+ # *Key Management Service Developer Guide*.
1736
+ #
1737
+ # To specify a customer managed KMS key, you can use its key ID,
1738
+ # Amazon Resource Name (ARN), alias name, or alias ARN. When using an
1739
+ # alias name, prefix it with `"alias/"`. To specify a key in a
1740
+ # different account, you must use the key ARN or alias ARN.
1741
+ #
1742
+ # For example:
1743
+ #
1744
+ # * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
1745
+ #
1746
+ # * Key ARN:
1747
+ # `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
1748
+ #
1749
+ # * Alias name: `alias/ExampleAlias`
1750
+ #
1751
+ # * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
1752
+ #
1753
+ # For more information, see [Key identifiers (KeyId)][3] in the *Key
1754
+ # Management Service Developer Guide*.
1755
+ #
1756
+ #
1757
+ #
1758
+ # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
1759
+ # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
1760
+ # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
1761
+ # @return [String]
1762
+ #
1575
1763
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerRequest AWS API Documentation
1576
1764
  #
1577
1765
  class UpdateLedgerRequest < Struct.new(
1578
1766
  :name,
1579
- :deletion_protection)
1767
+ :deletion_protection,
1768
+ :kms_key)
1580
1769
  SENSITIVE = []
1581
1770
  include Aws::Structure
1582
1771
  end
@@ -1605,13 +1794,16 @@ module Aws::QLDB
1605
1794
  # default.
1606
1795
  #
1607
1796
  # If deletion protection is enabled, you must first disable it before
1608
- # you can delete the ledger using the QLDB API or the AWS Command Line
1609
- # Interface (AWS CLI). You can disable it by calling the
1610
- # `UpdateLedger` operation to set the flag to `false`. The QLDB
1611
- # console disables deletion protection for you when you use it to
1612
- # delete a ledger.
1797
+ # you can delete the ledger. You can disable it by calling the
1798
+ # `UpdateLedger` operation to set the flag to `false`.
1613
1799
  # @return [Boolean]
1614
1800
  #
1801
+ # @!attribute [rw] encryption_description
1802
+ # Information about the encryption of data at rest in the ledger. This
1803
+ # includes the current status, the KMS key, and when the key became
1804
+ # inaccessible (in the case of an error).
1805
+ # @return [Types::LedgerEncryptionDescription]
1806
+ #
1615
1807
  # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerResponse AWS API Documentation
1616
1808
  #
1617
1809
  class UpdateLedgerResponse < Struct.new(
@@ -1619,7 +1811,8 @@ module Aws::QLDB
1619
1811
  :arn,
1620
1812
  :state,
1621
1813
  :creation_date_time,
1622
- :deletion_protection)
1814
+ :deletion_protection,
1815
+ :encryption_description)
1623
1816
  SENSITIVE = []
1624
1817
  include Aws::Structure
1625
1818
  end