brave-intl / bat-go

Pass "go", collect 200 BAT
Mozilla Public License 2.0

Cert Pinning for AWS QLDB Services #2585

Open Sneagan opened 1 week ago

Sneagan commented 1 week ago

There is a possibility of a man-in-the-middle attack where the man in the middle is in between the enclave and QLDB, where said man in the middle would be able to replay existing QLDB SDK responses. In order to mitigate this it would be optimal to have TLS certificate pinning with AWS QLDB services; pinning the intermediate / root certificate should suffice for these purposes.

We are not yet doing this pinning and should.