AWS Amazon MQ Broker

This page shows how to write Terraform and CloudFormation for Amazon MQ Broker and write them securely.

aws_mq_broker (Terraform)

The Broker in Amazon MQ can be configured in Terraform with the resource name aws_mq_broker. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

test_mq_broker.tf#L2
resource "aws_mq_broker" "noncompliant_missing" {
  #      ^^^^^^^^^^^^^^^
}

resource "aws_mq_broker" "noncompliant_disabled" {
  logs {  # Noncompliant

aws_mq_broker_general_logs.tf#L1
resource "aws_mq_broker" "allowed" {
  logs {
    general = true
  }
}

mq_broker_test.tf#L51
resource "aws_mq_broker" "my_aws_mq_broker_activemq_single_default" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.my_aws_mq_configuration.id
    revision = aws_mq_configuration.my_aws_mq_configuration.latest_revision

positive.tf#L1
resource "aws_mq_broker" "positive1" {
  broker_name = "no-logging"
}

resource "aws_mq_broker" "positive2" {
  broker_name = "partial-logging"

Parameters

Explanation in Terraform Registry

Provides an Amazon MQ broker resource. This resource also manages users for the broker. For more information on Amazon MQ, see Amazon MQ documentation.

NOTE: Amazon MQ currently places limits on RabbitMQ brokers. For example, a RabbitMQ broker cannot have: instances with an associated IP address of an ENI attached to the broker, an associated LDAP server to authenticate and authorize broker connections, storage type EFS, audit logging, or configuration blocks. Although this resource allows you to create RabbitMQ users, RabbitMQ users cannot have console access or groups. Also, Amazon MQ does not return information about RabbitMQ users so drift detection is not possible.

NOTE: Changes to an MQ Broker can occur when you change a parameter, such as configuration or user, and are reflected in the next maintenance window. Because of this, Terraform may report a difference in its planning phase because a modification has not yet taken place. You can use the apply_immediately flag to instruct the service to apply the change immediately (see documentation below). Using apply_immediately can result in a brief downtime as the broker reboots.

NOTE: All arguments including the username and password will be stored in the raw state as plain-text. Read more about sensitive data in state.
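
The truncated GitHub excerpts above flag brokers with a missing or disabled logs block. As an added example (not taken from the Terraform Registry or the listed repositories), here is a broker without logging beside a corrected one, with the password supplied through a sensitive variable. The resource names, variable name, engine version and instance type are assumptions.

```hcl
# Added example; names, engine version and instance type are assumptions.

variable "mq_admin_password" {
  type      = string
  sensitive = true # redacted in plan/apply output only
  # The value is still written to the state file in plain text (see the
  # NOTE above), so the state backend itself must be access-controlled
  # and encrypted.
}

# Weak: no logs block. Both general and audit default to false, so the
# broker sends nothing to CloudWatch Logs.
resource "aws_mq_broker" "no_logging" {
  broker_name        = "example-no-logging"
  engine_type        = "ActiveMQ"
  engine_version     = "5.17.6"
  host_instance_type = "mq.t3.micro"

  user {
    username = "example-admin"
    password = var.mq_admin_password
  }
}

# Corrected: general and audit logging enabled explicitly.
resource "aws_mq_broker" "with_logging" {
  broker_name        = "example-with-logging"
  engine_type        = "ActiveMQ"
  engine_version     = "5.17.6"
  host_instance_type = "mq.t3.micro"

  logs {
    general = true
    # Audit logging records user management actions. It is available for
    # ActiveMQ only; for a RabbitMQ broker, set general = true and omit
    # audit, because RabbitMQ brokers cannot have audit logging.
    audit = true
  }

  user {
    username = "example-admin"
    password = var.mq_admin_password
  }
}
```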

AWS::AmazonMQ::Broker (CloudFormation)

The Broker in AmazonMQ can be configured in CloudFormation with the resource name AWS::AmazonMQ::Broker. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Explanation in CloudFormation Registry

A broker is a message broker environment running on Amazon MQ. It is the basic building block of Amazon MQ.

The AWS::AmazonMQ::Broker resource lets you create Amazon MQ for ActiveMQ and Amazon MQ for RabbitMQ brokers, add configuration changes or modify users for a specified ActiveMQ broker, return information about the specified broker, and delete the broker. For more information, see How Amazon MQ works in the Amazon MQ Developer Guide.

  • ec2:CreateNetworkInterface This permission is required to allow Amazon MQ to create an elastic network interface (ENI) on behalf of your account.

  • ec2:CreateNetworkInterfacePermission This permission is required to attach the ENI to the broker instance.

  • ec2:DeleteNetworkInterface

  • ec2:DeleteNetworkInterfacePermission

  • ec2:DetachNetworkInterface

  • ec2:DescribeInternetGateways

  • ec2:DescribeNetworkInterfaces

  • ec2:DescribeNetworkInterfacePermissions

  • ec2:DescribeRouteTables

  • ec2:DescribeSecurityGroups

  • ec2:DescribeSubnets

  • ec2:DescribeVpcs

Frequently asked questions

What is AWS Amazon MQ Broker?

AWS Amazon MQ Broker is a resource for Amazon MQ of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon MQ Broker?

For Terraform, the SonarSource/sonar-iac, snyk-labs/infrastructure-as-code-goof and gilyas/infracost source code examples are useful. See the Terraform Example section for further details.