Amazon MQ Broker logging is not enabled
Description
Amazon MQ is a broker service built on Apache ActiveMQ. As a message broker, MQ allows applications to communicate using various programming languages, operating systems and formal messaging protocols. Amazon MQ is integrated with CloudTrail and provides a record of the Amazon MQ calls made by a user, role, or AWS service. It supports logging both the request parameters and the responses for APIs as events in CloudTrail. Logging MQ ensures developers can trace all requests and responses, and ensure they are only used for their predefined message brokering settings. We recommend you enable Amazon MQ Broker Logging.
Code Example
go
resource "aws_mq_broker" "enabled" {
broker_name = "example"
engine_type = "ActiveMQ"
engine_version = "5.16.3"
host_instance_type = "mq.t3.micro"
user {
password = "admin123"
username = "admin"
}
logs {
general = true
}
}Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0102 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_48 |