Ensure MQ Broker is not publicly exposed
Public access of the MQ broker should be disabled and only allow routes to applications that require access.
Impact
Publicly accessible MQ Broker may be vulnerable to compromise
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Disable public access when not required
1
2
3
4
5
6
7
8
9
|
AWSTemplateFormatVersion: 2010-09-09
Description: Good example
Resources:
Broker:
Type: AWS::AmazonMQ::Broker
Properties:
PubliclyAccessible: false
|
Disable public access when not required
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
resource "aws_mq_broker" "good_example" {
broker_name = "example"
configuration {
id = aws_mq_configuration.test.id
revision = aws_mq_configuration.test.latest_revision
}
engine_type = "ActiveMQ"
engine_version = "5.15.0"
host_instance_type = "mq.t2.micro"
security_groups = [aws_security_group.test.id]
user {
username = "ExampleUser"
password = "MindTheGap"
}
publicly_accessible = false
}
|
Links