Ensure latest engine version is used for AWS MQ Brokers

MEDIUM

Description

Not using latest mq version increases the likelihood of getting exploited.

Remediation

In AWS Console -

Sign in to the AWS Console and go to the MQ dashboard.
In the navigation panel, Select Brokers.
In the Broker details tab select Edit.
Under Maintenance, Enable automatic minor version upgrades.

In Terraform -

In the aws_mq_broker resource, set the engine_version field to the latest version number.

References:
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/upgrading-brokers.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#engine_version

Policy Details

Rule Reference ID: AC_AWS_0177

CSP: AWS

Remediation Available: Yes

Domain: Security Best Practices

Resource: aws_mq_broker

Resource Category: Messaging

Resource Type: Managed Message Broker Service (MQ)

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0