Ensure public access is disabled for AWS MQ Brokers

MEDIUM

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In AWS Console -

Sign in to the AWS Console and go to the MQ dashboard.
Go to the Network and security section and change 'Public Accessibility' to 'disabled'.

In Terraform -

In the aws_mq_broker resource, set the publicly_accessible field to false.

References:
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/accessing-web-console-of-broker-without-public-accessibility.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#publicly_accessible

Policy Details

Rule Reference ID: AC_AWS_0175

CSP: AWS

Remediation Available: Yes

Domain: Security Best Practices

Resource: aws_mq_broker

Resource Category: Messaging

Resource Type: Managed Message Broker Service (MQ)

Frameworks

GDPR
NIST-800-171
NIST-800-53
HIPAA

Detections

Analytics