aws-sdk-qldb 1.15.0 → 1.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f160f78ebc39ab07b285e0b80e52bed4ac6bf17c9510d7040191cc084c1651ce
-  data.tar.gz: 6daaf1d0e593052301bf0cb66936a35a6536c7fd802c04b28de6b8a25162077c
+  metadata.gz: 8316983414fbf201041f490ff20114768b7f53f9ad64ee7d9a8e1736d2f71927
+  data.tar.gz: 9b7944b5bf7edae1eabd9d1115d61ff195498564a9caf3c709f7d838c558404e
 SHA512:
-  metadata.gz: fd3e4c31677c7c8d42e8e49cd11361f2cab0f506054c4b9fef19f29bfdef23f252593a754df1094bf445bd0c96b93f5c3eea5fcf20b535c6b0c16e882d5e8ded
-  data.tar.gz: ea2176d8645cecca765f0857710dbb53ebcf8c12fb11cb76b6e9226848a947ce3a9ebb01c44005044f2d11787b5e74c519287bfb7614a1b379ec7026bca3bb6a
+  metadata.gz: 115c6a9ea018004b6334b0b9b29acd23c43e6de015cd36cfe308e5382a3f0bf607368f17444d193194b9875daf5729457f6c33ed29ba8ee327a4dd11de850857
+  data.tar.gz: e61c32fe5db38feec76e7ad55d0c78c8e50c7010662556644f5173ebc7c40b77b455796a1778852f13e6a36b48b42c1378956f9a9684c00dc935f0e8887979bb

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.16.0 (2021-07-22)
+------------------
+
+* Feature - Amazon QLDB now supports ledgers encrypted with customer managed KMS keys. Changes in CreateLedger, UpdateLedger and DescribeLedger APIs to support the changes.
+
 1.15.0 (2021-06-04)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.15.0
+1.16.0

data/lib/aws-sdk-qldb.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-qldb/customizations'
 # @!group service
 module Aws::QLDB
 
-  GEM_VERSION = '1.15.0'
+  GEM_VERSION = '1.16.0'
 
 end

data/lib/aws-sdk-qldb/client.rb

@@ -365,11 +365,11 @@ module Aws::QLDB
       req.send_request(options)
     end
 
-    # Creates a new ledger in your AWS account in the current Region.
+    # Creates a new ledger in your account in the current Region.
     #
     # @option params [required, String] :name
     #   The name of the ledger that you want to create. The name must be
-    #   unique among all of your ledgers in the current AWS Region.
+    #   unique among all of the ledgers in your account in the current Region.
     #
     #   Naming constraints for ledger names are defined in [Quotas in Amazon
     #   QLDB][1] in the *Amazon QLDB Developer Guide*.
@@ -426,6 +426,51 @@ module Aws::QLDB
     #   you can delete the ledger. You can disable it by calling the
     #   `UpdateLedger` operation to set the flag to `false`.
     #
+    # @option params [String] :kms_key
+    #   The key in Key Management Service (KMS) to use for encryption of data
+    #   at rest in the ledger. For more information, see [Encryption at
+    #   rest][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #   Use one of the following options to specify this parameter:
+    #
+    #   * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
+    #     Amazon Web Services on your behalf.
+    #
+    #   * **Undefined**\: By default, use an Amazon Web Services owned KMS
+    #     key.
+    #
+    #   * **A valid symmetric customer managed KMS key**\: Use the specified
+    #     KMS key in your account that you create, own, and manage.
+    #
+    #     Amazon QLDB does not support asymmetric keys. For more information,
+    #     see [Using symmetric and asymmetric keys][2] in the *Key Management
+    #     Service Developer Guide*.
+    #
+    #   To specify a customer managed KMS key, you can use its key ID, Amazon
+    #   Resource Name (ARN), alias name, or alias ARN. When using an alias
+    #   name, prefix it with `"alias/"`. To specify a key in a different
+    #   account, you must use the key ARN or alias ARN.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Alias name: `alias/ExampleAlias`
+    #
+    #   * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+    #
+    #   For more information, see [Key identifiers (KeyId)][3] in the *Key
+    #   Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
+    #
     # @return [Types::CreateLedgerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateLedgerResponse#name #name} => String
@@ -434,6 +479,7 @@ module Aws::QLDB
     #   * {Types::CreateLedgerResponse#creation_date_time #creation_date_time} => Time
     #   * {Types::CreateLedgerResponse#permissions_mode #permissions_mode} => String
     #   * {Types::CreateLedgerResponse#deletion_protection #deletion_protection} => Boolean
+    #   * {Types::CreateLedgerResponse#kms_key_arn #kms_key_arn} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -444,6 +490,7 @@ module Aws::QLDB
     #     },
     #     permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
     #     deletion_protection: false,
+    #     kms_key: "KmsKey",
     #   })
     #
     # @example Response structure
@@ -454,6 +501,7 @@ module Aws::QLDB
     #   resp.creation_date_time #=> Time
     #   resp.permissions_mode #=> String, one of "ALLOW_ALL", "STANDARD"
     #   resp.deletion_protection #=> Boolean
+    #   resp.kms_key_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedger AWS API Documentation
     #
@@ -604,8 +652,8 @@ module Aws::QLDB
       req.send_request(options)
     end
 
-    # Returns information about a ledger, including its state and when it
-    # was created.
+    # Returns information about a ledger, including its state, permissions
+    # mode, encryption at rest settings, and when it was created.
     #
     # @option params [required, String] :name
     #   The name of the ledger that you want to describe.
@@ -618,6 +666,7 @@ module Aws::QLDB
     #   * {Types::DescribeLedgerResponse#creation_date_time #creation_date_time} => Time
     #   * {Types::DescribeLedgerResponse#permissions_mode #permissions_mode} => String
     #   * {Types::DescribeLedgerResponse#deletion_protection #deletion_protection} => Boolean
+    #   * {Types::DescribeLedgerResponse#encryption_description #encryption_description} => Types::LedgerEncryptionDescription
     #
     # @example Request syntax with placeholder values
     #
@@ -633,6 +682,9 @@ module Aws::QLDB
     #   resp.creation_date_time #=> Time
     #   resp.permissions_mode #=> String, one of "ALLOW_ALL", "STANDARD"
     #   resp.deletion_protection #=> Boolean
+    #   resp.encryption_description.kms_key_arn #=> String
+    #   resp.encryption_description.encryption_status #=> String, one of "ENABLED", "UPDATING", "KMS_KEY_INACCESSIBLE"
+    #   resp.encryption_description.inaccessible_kms_key_date_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeLedger AWS API Documentation
     #
@@ -696,8 +748,8 @@ module Aws::QLDB
     #   * Write objects into your Amazon Simple Storage Service (Amazon S3)
     #     bucket.
     #
-    #   * (Optional) Use your customer master key (CMK) in AWS Key Management
-    #     Service (AWS KMS) for server-side encryption of your exported data.
+    #   * (Optional) Use your customer master key (CMK) in Key Management
+    #     Service (KMS) for server-side encryption of your exported data.
     #
     # @return [Types::ExportJournalToS3Response] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -961,7 +1013,7 @@ module Aws::QLDB
     end
 
     # Returns an array of journal export job descriptions for all ledgers
-    # that are associated with the current AWS account and Region.
+    # that are associated with the current account and Region.
     #
     # This action returns a maximum of `MaxResults` items, and is paginated
     # so that you can retrieve all the items by calling
@@ -1095,7 +1147,7 @@ module Aws::QLDB
     end
 
     # Returns an array of ledger summaries that are associated with the
-    # current AWS account and Region.
+    # current account and Region.
     #
     # This action returns a maximum of 100 items and is paginated so that
     # you can retrieve all the items by calling `ListLedgers` multiple
@@ -1347,6 +1399,50 @@ module Aws::QLDB
     #   you can delete the ledger. You can disable it by calling the
     #   `UpdateLedger` operation to set the flag to `false`.
     #
+    # @option params [String] :kms_key
+    #   The key in Key Management Service (KMS) to use for encryption of data
+    #   at rest in the ledger. For more information, see [Encryption at
+    #   rest][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #   Use one of the following options to specify this parameter:
+    #
+    #   * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
+    #     Amazon Web Services on your behalf.
+    #
+    #   * **Undefined**\: Make no changes to the KMS key of the ledger.
+    #
+    #   * **A valid symmetric customer managed KMS key**\: Use the specified
+    #     KMS key in your account that you create, own, and manage.
+    #
+    #     Amazon QLDB does not support asymmetric keys. For more information,
+    #     see [Using symmetric and asymmetric keys][2] in the *Key Management
+    #     Service Developer Guide*.
+    #
+    #   To specify a customer managed KMS key, you can use its key ID, Amazon
+    #   Resource Name (ARN), alias name, or alias ARN. When using an alias
+    #   name, prefix it with `"alias/"`. To specify a key in a different
+    #   account, you must use the key ARN or alias ARN.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Alias name: `alias/ExampleAlias`
+    #
+    #   * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+    #
+    #   For more information, see [Key identifiers (KeyId)][3] in the *Key
+    #   Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
+    #
     # @return [Types::UpdateLedgerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateLedgerResponse#name #name} => String
@@ -1354,12 +1450,14 @@ module Aws::QLDB
     #   * {Types::UpdateLedgerResponse#state #state} => String
     #   * {Types::UpdateLedgerResponse#creation_date_time #creation_date_time} => Time
     #   * {Types::UpdateLedgerResponse#deletion_protection #deletion_protection} => Boolean
+    #   * {Types::UpdateLedgerResponse#encryption_description #encryption_description} => Types::LedgerEncryptionDescription
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.update_ledger({
     #     name: "LedgerName", # required
     #     deletion_protection: false,
+    #     kms_key: "KmsKey",
     #   })
     #
     # @example Response structure
@@ -1369,6 +1467,9 @@ module Aws::QLDB
     #   resp.state #=> String, one of "CREATING", "ACTIVE", "DELETING", "DELETED"
     #   resp.creation_date_time #=> Time
     #   resp.deletion_protection #=> Boolean
+    #   resp.encryption_description.kms_key_arn #=> String
+    #   resp.encryption_description.encryption_status #=> String, one of "ENABLED", "UPDATING", "KMS_KEY_INACCESSIBLE"
+    #   resp.encryption_description.inaccessible_kms_key_date_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedger AWS API Documentation
     #
@@ -1468,7 +1569,7 @@ module Aws::QLDB
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-qldb'
-      context[:gem_version] = '1.15.0'
+      context[:gem_version] = '1.16.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-qldb/client_api.rb

@@ -28,6 +28,7 @@ module Aws::QLDB
     DescribeLedgerRequest = Shapes::StructureShape.new(name: 'DescribeLedgerRequest')
     DescribeLedgerResponse = Shapes::StructureShape.new(name: 'DescribeLedgerResponse')
     Digest = Shapes::BlobShape.new(name: 'Digest')
+    EncryptionStatus = Shapes::StringShape.new(name: 'EncryptionStatus')
     ErrorCause = Shapes::StringShape.new(name: 'ErrorCause')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     ExportJournalToS3Request = Shapes::StructureShape.new(name: 'ExportJournalToS3Request')
@@ -46,6 +47,8 @@ module Aws::QLDB
     JournalS3ExportDescription = Shapes::StructureShape.new(name: 'JournalS3ExportDescription')
     JournalS3ExportList = Shapes::ListShape.new(name: 'JournalS3ExportList')
     KinesisConfiguration = Shapes::StructureShape.new(name: 'KinesisConfiguration')
+    KmsKey = Shapes::StringShape.new(name: 'KmsKey')
+    LedgerEncryptionDescription = Shapes::StructureShape.new(name: 'LedgerEncryptionDescription')
     LedgerList = Shapes::ListShape.new(name: 'LedgerList')
     LedgerName = Shapes::StringShape.new(name: 'LedgerName')
     LedgerState = Shapes::StringShape.new(name: 'LedgerState')
@@ -107,6 +110,7 @@ module Aws::QLDB
     CreateLedgerRequest.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     CreateLedgerRequest.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, required: true, location_name: "PermissionsMode"))
     CreateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    CreateLedgerRequest.add_member(:kms_key, Shapes::ShapeRef.new(shape: KmsKey, location_name: "KmsKey"))
     CreateLedgerRequest.struct_class = Types::CreateLedgerRequest
 
     CreateLedgerResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -115,6 +119,7 @@ module Aws::QLDB
     CreateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
     CreateLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
     CreateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    CreateLedgerResponse.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "KmsKeyArn"))
     CreateLedgerResponse.struct_class = Types::CreateLedgerResponse
 
     DeleteLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
@@ -143,6 +148,7 @@ module Aws::QLDB
     DescribeLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
     DescribeLedgerResponse.add_member(:permissions_mode, Shapes::ShapeRef.new(shape: PermissionsMode, location_name: "PermissionsMode"))
     DescribeLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    DescribeLedgerResponse.add_member(:encryption_description, Shapes::ShapeRef.new(shape: LedgerEncryptionDescription, location_name: "EncryptionDescription"))
     DescribeLedgerResponse.struct_class = Types::DescribeLedgerResponse
 
     ExportJournalToS3Request.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
@@ -216,6 +222,11 @@ module Aws::QLDB
     KinesisConfiguration.add_member(:aggregation_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "AggregationEnabled"))
     KinesisConfiguration.struct_class = Types::KinesisConfiguration
 
+    LedgerEncryptionDescription.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "KmsKeyArn"))
+    LedgerEncryptionDescription.add_member(:encryption_status, Shapes::ShapeRef.new(shape: EncryptionStatus, required: true, location_name: "EncryptionStatus"))
+    LedgerEncryptionDescription.add_member(:inaccessible_kms_key_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "InaccessibleKmsKeyDateTime"))
+    LedgerEncryptionDescription.struct_class = Types::LedgerEncryptionDescription
+
     LedgerList.member = Shapes::ShapeRef.new(shape: LedgerSummary)
 
     LedgerSummary.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -336,6 +347,7 @@ module Aws::QLDB
 
     UpdateLedgerRequest.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, required: true, location: "uri", location_name: "name"))
     UpdateLedgerRequest.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    UpdateLedgerRequest.add_member(:kms_key, Shapes::ShapeRef.new(shape: KmsKey, location_name: "KmsKey"))
     UpdateLedgerRequest.struct_class = Types::UpdateLedgerRequest
 
     UpdateLedgerResponse.add_member(:name, Shapes::ShapeRef.new(shape: LedgerName, location_name: "Name"))
@@ -343,6 +355,7 @@ module Aws::QLDB
     UpdateLedgerResponse.add_member(:state, Shapes::ShapeRef.new(shape: LedgerState, location_name: "State"))
     UpdateLedgerResponse.add_member(:creation_date_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "CreationDateTime"))
     UpdateLedgerResponse.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "DeletionProtection"))
+    UpdateLedgerResponse.add_member(:encryption_description, Shapes::ShapeRef.new(shape: LedgerEncryptionDescription, location_name: "EncryptionDescription"))
     UpdateLedgerResponse.struct_class = Types::UpdateLedgerResponse
 
     ValueHolder.add_member(:ion_text, Shapes::ShapeRef.new(shape: IonText, location_name: "IonText"))

data/lib/aws-sdk-qldb/types.rb

@@ -58,11 +58,13 @@ module Aws::QLDB
     #         },
     #         permissions_mode: "ALLOW_ALL", # required, accepts ALLOW_ALL, STANDARD
     #         deletion_protection: false,
+    #         kms_key: "KmsKey",
     #       }
     #
     # @!attribute [rw] name
     #   The name of the ledger that you want to create. The name must be
-    #   unique among all of your ledgers in the current AWS Region.
+    #   unique among all of the ledgers in your account in the current
+    #   Region.
     #
     #   Naming constraints for ledger names are defined in [Quotas in Amazon
     #   QLDB][1] in the *Amazon QLDB Developer Guide*.
@@ -123,13 +125,60 @@ module Aws::QLDB
     #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] kms_key
+    #   The key in Key Management Service (KMS) to use for encryption of
+    #   data at rest in the ledger. For more information, see [Encryption at
+    #   rest][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #   Use one of the following options to specify this parameter:
+    #
+    #   * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
+    #     Amazon Web Services on your behalf.
+    #
+    #   * **Undefined**\: By default, use an Amazon Web Services owned KMS
+    #     key.
+    #
+    #   * **A valid symmetric customer managed KMS key**\: Use the specified
+    #     KMS key in your account that you create, own, and manage.
+    #
+    #     Amazon QLDB does not support asymmetric keys. For more
+    #     information, see [Using symmetric and asymmetric keys][2] in the
+    #     *Key Management Service Developer Guide*.
+    #
+    #   To specify a customer managed KMS key, you can use its key ID,
+    #   Amazon Resource Name (ARN), alias name, or alias ARN. When using an
+    #   alias name, prefix it with `"alias/"`. To specify a key in a
+    #   different account, you must use the key ARN or alias ARN.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Alias name: `alias/ExampleAlias`
+    #
+    #   * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+    #
+    #   For more information, see [Key identifiers (KeyId)][3] in the *Key
+    #   Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerRequest AWS API Documentation
     #
     class CreateLedgerRequest < Struct.new(
       :name,
       :tags,
       :permissions_mode,
-      :deletion_protection)
+      :deletion_protection,
+      :kms_key)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -166,6 +215,12 @@ module Aws::QLDB
     #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] kms_key_arn
+    #   The ARN of the customer managed KMS key that the ledger uses for
+    #   encryption at rest. If this parameter is undefined, the ledger uses
+    #   an Amazon Web Services owned KMS key for encryption.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/CreateLedgerResponse AWS API Documentation
     #
     class CreateLedgerResponse < Struct.new(
@@ -174,7 +229,8 @@ module Aws::QLDB
       :state,
       :creation_date_time,
       :permissions_mode,
-      :deletion_protection)
+      :deletion_protection,
+      :kms_key_arn)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -327,6 +383,12 @@ module Aws::QLDB
     #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] encryption_description
+    #   Information about the encryption of data at rest in the ledger. This
+    #   includes the current status, the KMS key, and when the key became
+    #   inaccessible (in the case of an error).
+    #   @return [Types::LedgerEncryptionDescription]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/DescribeLedgerResponse AWS API Documentation
     #
     class DescribeLedgerResponse < Struct.new(
@@ -335,7 +397,8 @@ module Aws::QLDB
       :state,
       :creation_date_time,
       :permissions_mode,
-      :deletion_protection)
+      :deletion_protection,
+      :encryption_description)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -401,9 +464,8 @@ module Aws::QLDB
     #   * Write objects into your Amazon Simple Storage Service (Amazon S3)
     #     bucket.
     #
-    #   * (Optional) Use your customer master key (CMK) in AWS Key
-    #     Management Service (AWS KMS) for server-side encryption of your
-    #     exported data.
+    #   * (Optional) Use your customer master key (CMK) in Key Management
+    #     Service (KMS) for server-side encryption of your exported data.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/ExportJournalToS3Request AWS API Documentation
@@ -645,7 +707,7 @@ module Aws::QLDB
     #
     # @!attribute [rw] exclusive_end_time
     #   The exclusive date and time that specifies when the stream ends. If
-    #   this parameter is blank, the stream runs indefinitely until you
+    #   this parameter is undefined, the stream runs indefinitely until you
     #   cancel it.
     #   @return [Time]
     #
@@ -746,9 +808,8 @@ module Aws::QLDB
     #   * Write objects into your Amazon Simple Storage Service (Amazon S3)
     #     bucket.
     #
-    #   * (Optional) Use your customer master key (CMK) in AWS Key
-    #     Management Service (AWS KMS) for server-side encryption of your
-    #     exported data.
+    #   * (Optional) Use your customer master key (CMK) in Key Management
+    #     Service (KMS) for server-side encryption of your exported data.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/JournalS3ExportDescription AWS API Documentation
@@ -807,6 +868,72 @@ module Aws::QLDB
       include Aws::Structure
     end
 
+    # Information about the encryption of data at rest in an Amazon QLDB
+    # ledger. This includes the current status, the key in Key Management
+    # Service (KMS), and when the key became inaccessible (in the case of an
+    # error).
+    #
+    # For more information, see [Encryption at rest][1] in the *Amazon QLDB
+    # Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The Amazon Resource Name (ARN) of the customer managed KMS key that
+    #   the ledger uses for encryption at rest. If this parameter is
+    #   undefined, the ledger uses an Amazon Web Services owned KMS key for
+    #   encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_status
+    #   The current state of encryption at rest for the ledger. This can be
+    #   one of the following values:
+    #
+    #   * `ENABLED`\: Encryption is fully enabled using the specified key.
+    #
+    #   * `UPDATING`\: The ledger is actively processing the specified key
+    #     change.
+    #
+    #     Key changes in QLDB are asynchronous. The ledger is fully
+    #     accessible without any performance impact while the key change is
+    #     being processed. The amount of time it takes to update a key
+    #     varies depending on the ledger size.
+    #
+    #   * `KMS_KEY_INACCESSIBLE`\: The specified customer managed KMS key is
+    #     not accessible, and the ledger is impaired. Either the key was
+    #     disabled or deleted, or the grants on the key were revoked. When a
+    #     ledger is impaired, it is not accessible and does not accept any
+    #     read or write requests.
+    #
+    #     An impaired ledger automatically returns to an active state after
+    #     you restore the grants on the key, or re-enable the key that was
+    #     disabled. However, deleting a customer managed KMS key is
+    #     irreversible. After a key is deleted, you can no longer access the
+    #     ledgers that are protected with that key, and the data becomes
+    #     unrecoverable permanently.
+    #   @return [String]
+    #
+    # @!attribute [rw] inaccessible_kms_key_date_time
+    #   The date and time, in epoch time format, when the KMS key first
+    #   became inaccessible, in the case of an error. (Epoch time format is
+    #   the number of seconds that have elapsed since 12:00:00 AM January 1,
+    #   1970 UTC.)
+    #
+    #   This parameter is undefined if the KMS key is accessible.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/LedgerEncryptionDescription AWS API Documentation
+    #
+    class LedgerEncryptionDescription < Struct.new(
+      :kms_key_arn,
+      :encryption_status,
+      :inaccessible_kms_key_date_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about a ledger, including its name, state, and when it was
     # created.
     #
@@ -1002,7 +1129,7 @@ module Aws::QLDB
 
     # @!attribute [rw] journal_s3_exports
     #   The array of journal export job descriptions for all ledgers that
-    #   are associated with the current AWS account and Region.
+    #   are associated with the current account and Region.
     #   @return [Array<Types::JournalS3ExportDescription>]
     #
     # @!attribute [rw] next_token
@@ -1054,7 +1181,7 @@ module Aws::QLDB
 
     # @!attribute [rw] ledgers
     #   The array of ledger summaries that are associated with the current
-    #   AWS account and Region.
+    #   account and Region.
     #   @return [Array<Types::LedgerSummary>]
     #
     # @!attribute [rw] next_token
@@ -1229,9 +1356,9 @@ module Aws::QLDB
     #   @return [String]
     #
     # @!attribute [rw] kms_key_arn
-    #   The Amazon Resource Name (ARN) for a symmetric customer master key
-    #   (CMK) in AWS Key Management Service (AWS KMS). Amazon S3 does not
-    #   support asymmetric CMKs.
+    #   The Amazon Resource Name (ARN) of a symmetric customer master key
+    #   (CMK) in Key Management Service (KMS). Amazon S3 does not support
+    #   asymmetric CMKs.
     #
     #   You must provide a `KmsKeyArn` if you specify `SSE_KMS` as the
     #   `ObjectEncryptionType`.
@@ -1571,6 +1698,7 @@ module Aws::QLDB
     #       {
     #         name: "LedgerName", # required
     #         deletion_protection: false,
+    #         kms_key: "KmsKey",
     #       }
     #
     # @!attribute [rw] name
@@ -1587,11 +1715,57 @@ module Aws::QLDB
     #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] kms_key
+    #   The key in Key Management Service (KMS) to use for encryption of
+    #   data at rest in the ledger. For more information, see [Encryption at
+    #   rest][1] in the *Amazon QLDB Developer Guide*.
+    #
+    #   Use one of the following options to specify this parameter:
+    #
+    #   * `AWS_OWNED_KMS_KEY`\: Use an KMS key that is owned and managed by
+    #     Amazon Web Services on your behalf.
+    #
+    #   * **Undefined**\: Make no changes to the KMS key of the ledger.
+    #
+    #   * **A valid symmetric customer managed KMS key**\: Use the specified
+    #     KMS key in your account that you create, own, and manage.
+    #
+    #     Amazon QLDB does not support asymmetric keys. For more
+    #     information, see [Using symmetric and asymmetric keys][2] in the
+    #     *Key Management Service Developer Guide*.
+    #
+    #   To specify a customer managed KMS key, you can use its key ID,
+    #   Amazon Resource Name (ARN), alias name, or alias ARN. When using an
+    #   alias name, prefix it with `"alias/"`. To specify a key in a
+    #   different account, you must use the key ARN or alias ARN.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Alias name: `alias/ExampleAlias`
+    #
+    #   * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
+    #
+    #   For more information, see [Key identifiers (KeyId)][3] in the *Key
+    #   Management Service Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerRequest AWS API Documentation
     #
     class UpdateLedgerRequest < Struct.new(
       :name,
-      :deletion_protection)
+      :deletion_protection,
+      :kms_key)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1624,6 +1798,12 @@ module Aws::QLDB
     #   `UpdateLedger` operation to set the flag to `false`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] encryption_description
+    #   Information about the encryption of data at rest in the ledger. This
+    #   includes the current status, the KMS key, and when the key became
+    #   inaccessible (in the case of an error).
+    #   @return [Types::LedgerEncryptionDescription]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/qldb-2019-01-02/UpdateLedgerResponse AWS API Documentation
     #
     class UpdateLedgerResponse < Struct.new(
@@ -1631,7 +1811,8 @@ module Aws::QLDB
       :arn,
       :state,
       :creation_date_time,
-      :deletion_protection)
+      :deletion_protection,
+      :encryption_description)
       SENSITIVE = []
       include Aws::Structure
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-qldb
 version: !ruby/object:Gem::Version
-  version: 1.15.0
+  version: 1.16.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-04 00:00:00.000000000 Z
+date: 2021-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core