aws-mq-enable-audit-logging.md

File metadata and controls

63 lines (48 loc) · 1.28 KB

Pattern: Disabled audit logging for AWS MQ

Issue: -

Description

Audit logging should be enabled so that issues and activity on the broker can be traced and investigated fully. For Amazon MQ for ActiveMQ, the audit log records user management actions performed through JMX or the ActiveMQ Web Console and is delivered to CloudWatch Logs; without it, changes to the broker and its users leave no record for an investigator to review. Audit logging is only available for the ActiveMQ engine type; RabbitMQ brokers support general logging only.

Resolution: Enable audit logging by setting `audit = true` in the broker's `logs` block (the attribute defaults to `false`, so omitting the block is equivalent to disabling it). Enabling `general = true` alongside it is also worthwhile for broker-level events. Because Amazon MQ publishes to CloudWatch Logs, the account additionally needs a CloudWatch Logs resource policy that allows the `mq.amazonaws.com` service principal to create log streams and put log events in the `/aws/amazonmq/*` log groups; without it the broker is created but no log data arrives.

Examples

Example of incorrect code:

```hcl
resource "aws_mq_broker" "bad_example" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  # Placeholder credentials for illustration only. Amazon MQ requires a
  # password of at least 12 characters, and real secrets belong in a
  # variable or secrets manager rather than in source.
  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }

  # Audit logging disabled: user management actions made through JMX or
  # the ActiveMQ Web Console are not recorded. Omitting the logs block
  # entirely has the same effect, since audit defaults to false.
  logs {
    audit = false
  }
}
```

Example of correct code:

```hcl
resource "aws_mq_broker" "good_example" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  # Placeholder credentials for illustration only (see the note above
  # about password length and keeping secrets out of source).
  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }

  # Audit logging enabled: user management actions are written to
  # CloudWatch Logs under /aws/amazonmq/broker/<broker-id>/audit.
  logs {
    audit = true
  }
}
```
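The two examples above show the setting itself; in practice this rule is enforced by a policy-as-code check run against the plan before apply. The following is an added example, not part of this rule page or of any scanner's own code, that implements the check over the JSON produced by `terraform show -json tfplan`. It assumes the plan's standard layout (`planned_values.root_module` with nested `child_modules`, and nested blocks such as `logs` rendered as lists of objects, an empty list when the block is omitted), and it skips RabbitMQ brokers because audit logging is not available for that engine. The embedded plan is constructed sample data, not output from a real deployment.

```python
"""Flag aws_mq_broker resources in a Terraform plan that leave ActiveMQ audit logging off."""
import json
from typing import Any, Dict, Iterator, List

# Constructed sample of `terraform show -json tfplan` output (not a real plan).
# Covers: audit off, audit on, a RabbitMQ broker (audit not applicable),
# and a broker inside a child module that omits the logs block entirely.
SAMPLE_PLAN_JSON = r'''
{
  "format_version": "1.2",
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_mq_broker.bad_example", "mode": "managed", "type": "aws_mq_broker",
         "name": "bad_example",
         "values": {"broker_name": "example", "engine_type": "ActiveMQ",
                    "logs": [{"audit": false, "general": false}]}},
        {"address": "aws_mq_broker.good_example", "mode": "managed", "type": "aws_mq_broker",
         "name": "good_example",
         "values": {"broker_name": "example", "engine_type": "ActiveMQ",
                    "logs": [{"audit": true, "general": true}]}},
        {"address": "aws_mq_broker.rabbit", "mode": "managed", "type": "aws_mq_broker",
         "name": "rabbit",
         "values": {"broker_name": "rabbit", "engine_type": "RabbitMQ",
                    "logs": [{"audit": null, "general": true}]}}
      ],
      "child_modules": [
        {"address": "module.queue",
         "resources": [
           {"address": "module.queue.aws_mq_broker.no_logs_block", "mode": "managed",
            "type": "aws_mq_broker", "name": "no_logs_block",
            "values": {"broker_name": "queue", "engine_type": "ActiveMQ", "logs": []}}
         ]}
      ]
    }
  }
}
'''


def iter_resources(module: Dict[str, Any]) -> Iterator[Dict[str, Any]]:
    """Yield every resource in a plan module, descending into child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def audit_logging_enabled(values: Dict[str, Any]) -> bool:
    """True only if some logs block explicitly sets audit = true.

    A missing block ([]), a null value or false all count as disabled,
    matching the provider default of audit = false.
    """
    logs_blocks = values.get("logs") or []
    return any(block.get("audit") is True for block in logs_blocks)


def find_brokers_without_audit_logging(plan: Dict[str, Any]) -> List[str]:
    """Return addresses of managed ActiveMQ brokers with audit logging off."""
    findings: List[str] = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_mq_broker" or res.get("mode") != "managed":
            continue  # skip data sources and unrelated resource types
        values = res.get("values", {})
        if str(values.get("engine_type", "")).lower() != "activemq":
            continue  # audit logging is only available for the ActiveMQ engine
        if not audit_logging_enabled(values):
            findings.append(res["address"])
    return findings


def scan_plan_json(text: str) -> List[str]:
    """Parse plan JSON text and return the failing broker addresses."""
    return find_brokers_without_audit_logging(json.loads(text))


if __name__ == "__main__":
    for address in scan_plan_json(SAMPLE_PLAN_JSON):
        print(address + ": ActiveMQ broker without audit logging enabled")
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and feed the file contents to `scan_plan_json`; a non-empty result is a failed check. Checking the plan rather than the `.tf` source means brokers created through modules, `for_each`, or variables are evaluated with their final values.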