LOW
Source
Trivy
ID
AVD-AWS-0071

MQ Broker should have general logging enabled

Logging should be enabled to allow tracing of issues and activity to be investigated more fully. Logs provide additional information and context which is often invaluable during investigation.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable general logging (CloudFormation)

Resources:
  GoodBroker:
    Type: AWS::AmazonMQ::Broker
    Properties:
      Logs:
        General: true

Enable general logging (Terraform)

resource "aws_mq_broker" "good_example" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }
  logs {
    # General broker log, published to CloudWatch Logs
    general = true
  }
}
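
The same condition can be checked before deployment. The following is an added example, not Trivy's own check and not part of the original page: it scans a JSON CloudFormation template for `AWS::AmazonMQ::Broker` resources and reports whether `Logs.General` is enabled. The function names and the sample template are constructed for illustration, and a value set through an intrinsic such as `Ref` is reported as unresolved rather than guessed.

```python
import json

BROKER_TYPE = "AWS::AmazonMQ::Broker"

def _is_intrinsic(value):
    """True for a CloudFormation intrinsic such as {"Ref": ...} or {"Fn::If": [...]}."""
    return (isinstance(value, dict) and len(value) == 1
            and all(k == "Ref" or k.startswith("Fn::") for k in value))

def general_logging_state(resource):
    """Return 'enabled', 'disabled' or 'unresolved' for one broker resource."""
    logs = (resource.get("Properties") or {}).get("Logs")
    if _is_intrinsic(logs):
        return "unresolved"
    if not isinstance(logs, dict):
        return "disabled"      # no Logs block, so General is never set to true
    value = logs.get("General")
    if _is_intrinsic(value):
        return "unresolved"    # depends on a parameter or condition at deploy time
    if isinstance(value, str): # JSON templates often carry booleans as strings
        value = value.strip().lower() == "true"
    return "enabled" if value is True else "disabled"

def check_template(template_text):
    """Map each broker's logical ID to its general-logging state."""
    resources = json.loads(template_text).get("Resources") or {}
    return {name: general_logging_state(res)
            for name, res in resources.items()
            if isinstance(res, dict) and res.get("Type") == BROKER_TYPE}

# Constructed sample template; only GoodBroker mirrors the page's snippet.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "GoodBroker": {"Type": BROKER_TYPE, "Properties": {"Logs": {"General": True}}},
    "StringBroker": {"Type": BROKER_TYPE, "Properties": {"Logs": {"General": "true"}}},
    "OffBroker": {"Type": BROKER_TYPE, "Properties": {"Logs": {"General": False}}},
    "AuditOnly": {"Type": BROKER_TYPE, "Properties": {"Logs": {"Audit": True}}},
    "NoLogs": {"Type": BROKER_TYPE, "Properties": {}},
    "ParamBroker": {"Type": BROKER_TYPE,
                    "Properties": {"Logs": {"General": {"Ref": "EnableLogs"}}}},
    "Queue": {"Type": "AWS::SQS::Queue"},
}})

if __name__ == "__main__":
    for name, state in check_template(SAMPLE_TEMPLATE).items():
        print(f"{name}: {state}")
```

Brokers reported as `disabled` need the `Logs` change shown above; `unresolved` ones need the referenced parameter or condition reviewed by hand.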