Description

Public access of the MQ broker should be disabled and only allow routes to applications that require access.

Resolution: Disable public access when not required.

Examples

Example of incorrect code:

resource "aws_mq_broker" "bad_example" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }
  publicly_accessible = true
}

Example of correct code:

resource "aws_mq_broker" "good_example" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }
  publicly_accessible = false
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

aws-mq-no-public-access.md

aws-mq-no-public-access.md

Description

Examples

Files

aws-mq-no-public-access.md

Latest commit

History

aws-mq-no-public-access.md

File metadata and controls

Description

Examples