Ensure active/standby deployment mode is used for AWS MQ Brokers

MEDIUM

Description

Not using Active/standby deployment mode for MQ Brokers can have an impact on availability of MQ Broker.

Remediation

This configuration setting only applies to the ActiveMQ engine and the multi-az configuration can only be enabled upon broker creation. To create a new broker, follow the steps below.

In AWS Console -

Sign in to the AWS Console and open the MQ Console.
Under Brokers, select Create brokers.
Choose Apache ActiveMQ.
Select Active/standby broker under deployment mode.
Continue configuring as needed and save.

In Terraform -

In the aws_mq_broker resource, set the deployment_mode field to ACTIVE_STANDBY_MULTI_AZ.

References:
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/active-standby-broker-deployment.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#deployment_mode

Policy Details

Rule Reference ID: AC_AWS_0176

CSP: AWS

Remediation Available: Yes

Domain: Resilience

Resource: aws_mq_broker

Resource Category: Messaging

Resource Type: Managed Message Broker Service (MQ)

Frameworks

GDPR
NIST-800-171
NIST-800-53
NIST-CSF
HIPAA

Detections

Analytics