Description

QLDB Ledgers are typically used to record sensitive information of an organization. By using permissions mode you can control the access to your QLDB Ledger. The ""Allow all"" permissions allows any user with command access on the ledger to manage all of its tables, indexes, and data. It was detected that the QLDB Ledger {AwsQldbLedger} is using ""Allow all"" permissions mode.

• 

  Recommended Mitigation

  The ""Allow all"" is a legacy permissions mode that isn't recommended for new ledgers. The recommended permissions mode for new ledgers is ""Standard"", it enables you to control access to the ledger and its individual tables by using AWS IAM. For more information on how to change the permissions mode, see: https://docs.aws.amazon.com/qldb/latest/developerguide/ledger-management.basics.html#ledger-management.basics.update-permissions