Ensure auto minor version upgrade is enabled for AWS MQ Brokers

MEDIUM

Description

Message brokers that are not configured to upgrade automatically to the latest minor version may be more likely to be exploited.

Remediation

In AWS Console:

  1. Sign in to the AWS Console and go to the MQ dashboard.
  2. In the navigation panel, select Brokers.
  3. In the Broker details tab, select Edit.
  4. Under Maintenance, enable automatic minor version upgrades.

In Terraform:

  1. In the aws_mq_broker resource, set the auto_minor_version_upgrade field to true.
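
To check the Terraform setting before apply, the following added example (not this policy's own implementation) scans the JSON form of a plan, as produced by `terraform show -json`, for aws_mq_broker resources whose planned state does not set auto_minor_version_upgrade to true. The sample plan and the resource addresses in it are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_mq_broker.orders", "type": "aws_mq_broker",
         "change": {"actions": ["create"],
                    "after": {"auto_minor_version_upgrade": True}}},
        {"address": "aws_mq_broker.billing", "type": "aws_mq_broker",
         "change": {"actions": ["update"],
                    "after": {"auto_minor_version_upgrade": False}}},
        {"address": "module.events.aws_mq_broker.this", "type": "aws_mq_broker",
         "change": {"actions": ["create"],
                    "after": {"broker_name": "events"}}},  # attribute absent
        {"address": "aws_mq_broker.retired", "type": "aws_mq_broker",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "aws_sqs_queue.dlq", "type": "aws_sqs_queue",
         "change": {"actions": ["create"], "after": {"name": "dlq"}}},
    ]
}


def noncompliant_mq_brokers(plan):
    """Return sorted addresses of aws_mq_broker resources whose planned
    state does not set auto_minor_version_upgrade to true."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_mq_broker":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:
            continue  # broker is being destroyed; nothing left to check
        # Absent, null or false all count as "not enabled".
        if after.get("auto_minor_version_upgrade") is not True:
            findings.append(rc["address"])
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python <this file> plan.json  (falls back to the sample plan)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    bad = noncompliant_mq_brokers(plan)
    for address in bad:
        print(f"FAIL {address}: auto_minor_version_upgrade is not true")
    sys.exit(1 if bad else 0)
```

The non-zero exit status on any finding lets the check gate a CI pipeline stage that runs between plan and apply.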

References:
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/upgrading-brokers.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#auto_minor_version_upgrade

Policy Details

Rule Reference ID: AC_AWS_0179
CSP: AWS
Remediation Available: Yes
Resource: aws_mq_broker
Resource Category: Messaging

Frameworks