AWS MQ is publicly accessible

Description

This policy identifies the AWS MQ brokers which are publicly accessible. It is advisable to use MQ brokers privately only from within your AWS Virtual Private Cloud (VPC). Ensure that the AWS MQ brokers provisioned in your AWS account are not publicly accessible from the Internet to avoid sensitive data exposure and minimize security risks.

Code Example

resource "aws_mq_broker" "example" {
  ...
  publicly_accessible = false
  ...
}


*CloudFormation*

To fix this issue, ensure that the `PubliclyAccessible` property in the `AWS::AmazonMQ::Broker` resource is set to `false`.

Example:

[source,yaml]

Remediation

Terraform

To fix this issue, ensure that the `publicly_accessible` property in the `aws_mq_broker` resource is set to `false`.

Example:

Rule Details

Field	Value
ID	IAC-0122
Severity	LOW
IaC Type	Cloudformation
Frameworks	CloudFormation, Terraform, TerraformPlan, Serverless
Checkov ID	CKV_AWS_69

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS MQ is publicly accessible

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS MQ is publicly accessible ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS MQ is publicly accessible

Description

Code Example

Remediation

Rule Details

References