Step 1: Create a new ledger - Amazon Quantum Ledger Database (Amazon QLDB)

Step 1: Create a new ledger

In this step, you create a new Amazon QLDB ledger named vehicle-registration. Then, you confirm that the status of the ledger is Active. You can also verify any tags that you added to the ledger.

When you create a ledger, deletion protection is enabled by default. Deletion protection is a feature in QLDB that prevents ledgers from being deleted by any user. You can disable deletion protection when you create a ledger using the QLDB API or the AWS Command Line Interface (AWS CLI).

To create a new ledger

  1. Sign in to the AWS Management Console, and open the Amazon QLDB console at

  2. In the navigation pane, choose Getting started.

  3. On the Create your first ledger card, choose Create Ledger.

  4. On the Create Ledger page, do the following:

    • Ledger information – The Ledger name should be pre-populated with vehicle-registration.

    • Permissions mode – The permissions mode to assign to the ledger. Choose one of the following options:

      • Allow all – A legacy permissions mode that enables access control with API-level granularity for ledgers.

        This mode allows users who have the SendCommand API permission for this ledger to run all PartiQL commands (hence, ALLOW_ALL) on any tables in the specified ledger. This mode disregards any table-level or command-level IAM permissions policies that you create for the ledger.

      • Standard – (Recommended) A permissions mode that enables access control with finer granularity for ledgers, tables, and PartiQL commands. We strongly recommend using this permissions mode to maximize the security of your ledger data.

        By default, this mode denies all requests to run any PartiQL commands on any tables in this ledger. To allow PartiQL commands, you must create IAM permissions policies for specific table resources and PartiQL actions, in addition to the SendCommand API permission for the ledger. For information, see Getting started with the standard permissions mode in Amazon QLDB.

    • Encrypt data at rest – The key in AWS Key Management Service (AWS KMS) to use for encryption of data at rest. Choose one of the following options:

      • Use AWS owned KMS key – Use a KMS key that is owned and managed by AWS on your behalf. This is the default option and requires no additional setup.

      • Choose a different AWS KMS key – Use a symmetric encryption KMS key in your account that you create, own, and manage.

        To create a new key by using the AWS KMS console, choose Create an AWS KMS key. For more information, see Creating symmetric encryption KMS keys in the AWS Key Management Service Developer Guide.

        To use an existing KMS key, choose one from the dropdown list or specify a KMS key ARN.

    • Tags – (Optional) Add metadata to the ledger by attaching tags as key-value pairs. You can add tags to your ledger to help organize and identify them. For more information, see Tagging Amazon QLDB resources.

      Choose Add tag, and then enter any key-value pairs as appropriate.

  5. When the settings are as you want them, choose Create ledger.


    You can access your QLDB ledger when its status becomes Active. This can take several minutes.

  6. In the list of Ledgers, locate vehicle-registration and confirm that the ledger's status is Active.

  7. (Optional) Choose the vehicle-registration ledger name. On the vehicle-registration ledger details page, confirm that any tags that you added to the ledger appear on the Tags card. You can also edit your ledger tags using this console page.

To create tables in the vehicle-registration ledger, proceed to Step 2: Create tables, indexes, and sample data in a ledger.