Severity: LOW
Source: Trivy
ID: AVD-AWS-0071

MQ Broker should have general logging enabled

Logging should be enabled so that issues and activity can be traced and investigated more fully. Logs provide additional information and context that is often invaluable during an investigation.

Impact

Without logging it is difficult to trace issues.

Follow the appropriate remediation steps below to resolve the issue.

Enable general logging (CloudFormation)

AWSTemplateFormatVersion: 2010-09-09
Description: Good example
Resources:
  Broker:
    Type: AWS::AmazonMQ::Broker
    Properties:
      # The check looks for Logs.General set to true on every
      # AWS::AmazonMQ::Broker resource; a missing Logs block fails it.
      Logs:
        General: true


Enable general logging (Terraform)

resource "aws_mq_broker" "good_example" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  user {
    username = "ExampleUser"
    # Placeholder only: in real code, source the password from a variable
    # or secret store rather than committing a literal.
    password = "MindTheGap"
  }

  # The check looks for logs.general = true; omitting the logs block fails it.
  logs {
    general = true
  }
}
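Both remediation snippets above express the same condition: an Amazon MQ broker must declare general logging. The following script is an added example, not Trivy's own implementation, that evaluates that condition offline over two common scan inputs: a CloudFormation template in its JSON form and a Terraform plan exported with `terraform show -json`. The sample template and plan embedded in it are constructed for illustration; the finding fields (`id`, `severity`, `resource`, `message`) are this example's own layout, not Trivy's report format.

```python
"""Offline check for AVD-AWS-0071 over two infrastructure-as-code inputs.

Added example (not Trivy's own implementation, stdlib only). It evaluates the
same condition as the page's remediation: an Amazon MQ broker must declare
general logging, either as `Logs: {General: true}` in a CloudFormation template
(handled here in its JSON form) or as `logs { general = true }` in Terraform,
read from a plan file produced with `terraform show -json plan.out`.
"""
import json

CHECK_ID = "AVD-AWS-0071"
CHECK_TITLE = "MQ Broker should have general logging enabled"
SEVERITY = "LOW"


def _is_true(value) -> bool:
    """Accept real booleans and the string forms ("true", "True") that
    template authors commonly use; anything else counts as not enabled."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def _finding(resource: str, source: str) -> dict:
    return {"id": CHECK_ID, "severity": SEVERITY, "resource": resource,
            "source": source, "message": CHECK_TITLE}


def check_cloudformation(template: dict) -> list:
    """One finding per AWS::AmazonMQ::Broker whose Properties.Logs.General is not true.
    A missing Logs property is a finding: the broker then logs nothing."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::AmazonMQ::Broker":
            continue
        logs = resource.get("Properties", {}).get("Logs") or {}
        if not _is_true(logs.get("General")):
            findings.append(_finding(logical_id, "cloudformation"))
    return findings


def check_terraform_plan(plan: dict) -> list:
    """One finding per aws_mq_broker in a Terraform plan without logs.general = true.
    Plan JSON renders nested blocks such as `logs { ... }` as lists of objects,
    so an omitted block shows up as an empty list or a missing key."""
    findings = []
    modules = [plan.get("planned_values", {}).get("root_module", {})]
    while modules:  # walk the root module and every child module
        module = modules.pop()
        modules.extend(module.get("child_modules", []))
        for resource in module.get("resources", []):
            if resource.get("type") != "aws_mq_broker":
                continue
            logs_blocks = resource.get("values", {}).get("logs") or []
            if not any(_is_true(block.get("general")) for block in logs_blocks):
                findings.append(_finding(resource.get("address", "?"), "terraform-plan"))
    return findings


# Constructed sample inputs (not real deployments): one compliant and one
# non-compliant broker in each format, plus an unrelated resource to skip.
CFN_TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "GoodBroker": {"Type": "AWS::AmazonMQ::Broker",
                   "Properties": {"Logs": {"General": true, "Audit": false}}},
    "BadBroker":  {"Type": "AWS::AmazonMQ::Broker",
                   "Properties": {"Logs": {"Audit": true}}},
    "Queue":      {"Type": "AWS::SQS::Queue", "Properties": {}}
  }
}
""")

TF_PLAN = json.loads("""
{
  "planned_values": {"root_module": {"resources": [
    {"address": "aws_mq_broker.good_example", "type": "aws_mq_broker",
     "values": {"broker_name": "example", "logs": [{"general": true, "audit": false}]}},
    {"address": "aws_mq_broker.bad_example", "type": "aws_mq_broker",
     "values": {"broker_name": "example-nolog", "logs": []}}
  ]}}
}
""")


def run_all() -> list:
    """Evaluate both sample inputs and return the combined findings."""
    return check_cloudformation(CFN_TEMPLATE) + check_terraform_plan(TF_PLAN)


if __name__ == "__main__":
    for f in run_all():
        print(f"{f['severity']} {f['id']} {f['source']} {f['resource']}: {f['message']}")
```

Running the script reports exactly the two non-compliant brokers (`BadBroker` and `aws_mq_broker.bad_example`); the broker that only enables audit logging is still flagged, because audit logs do not replace the general log this check asks for. To use it on real input, load the template or plan JSON from disk and pass it to the matching function.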