AWS MQBroker's minor version updates are disabled
Description
When Amazon MQ supports a new version of a broker engine, you can upgrade your broker instances to the new version. There are two kinds of upgrades: major version upgrades and minor version upgrades. Minor upgrades helps maintain a secure and stable MQ broker with minimal impact on the application. For this reason, we recommend that your automatic minor upgrade is enabled. Minor version upgrades only occur automatically if a minor upgrade replaces an unsafe version, such as a minor upgrade that contains bug fixes for a previous version.
Code Example
shell
{
"aws mq update-broker \\
--region ${region} \\
--broker-id ${resource_id} \\
--auto-minor-version-upgrade",
}Remediation
CLI Command
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0255 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_207 |