AWS QLDB (IAM)

aws database

Amazon Quantum Ledger Database (QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log.

Common permissions

qldb:GetBlockqldb:GetDigestqldb:GetRevisionqldb:ListLedgersqldb:DescribeLedgerqldb:ListTagsForResourceqldb:TagResource

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "qldb:GetBlock",
        "qldb:GetDigest",
        "qldb:GetRevision",
        "qldb:ListLedgers",
        "qldb:DescribeLedger",
        "qldb:ListTagsForResource",
        "qldb:TagResource"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid qldb:* — grants full control including ledger deletion and permission mode changes.
Avoid qldb:DeleteLedger — can permanently remove a ledger and all its immutable data.

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/qldb/qldb.json ↗

API

full doc /v1/iam/qldb