
Configure additional Amazon MQ broker settings

You can configure additional settings for your broker in the console during the broker creation process. These settings may include configurations, VPCs, and public accessibility.

Important
  • Subnet(s) – A single-instance broker requires one subnet (for example, the default subnet). An active/standby broker requires two subnets.

  • Security group(s) – Both single-instance brokers and active/standby brokers require at least one security group (for example, the default security group).

  • VPC – A broker's subnet(s) and security group(s) must be in the same VPC. EC2-Classic resources aren't supported. Amazon MQ only supports default VPC tenancy, and does not support dedicated VPC tenancy.

    If you are using a private broker, you may see IP addresses that you did not configure with your VPC. These are IP addresses from the RabbitMQ on Amazon MQ infrastructure, and they require no action.

  • Encryption – Choose the customer master key to encrypt your data. See Encryption at rest.

  • Public accessibility – Disabling public accessibility makes the broker accessible only within your VPC. For more information, see Prefer brokers without public accessibility and Accessing the Amazon MQ broker web console without public accessibility.

When you request that Amazon MQ create a broker, the creation process can take about 15 minutes.

The following example shows how you can confirm your broker's existence by listing your brokers in the current region using the Amazon Web Services Management Console.

  1. Sign in to the Amazon MQ console.

    Your brokers in the current region are listed.

    The following information is displayed for each broker:

  2. Choose your broker's name.

    For ActiveMQ brokers, on the MyBroker page, the configured Details are displayed for your broker:

    For Amazon MQ for RabbitMQ brokers, you can view your selected settings on the MyBroker2 page, under the Details section as shown in the following.

    Under the Details section, the following information is displayed:

    • In the Connections section, for Amazon MQ for ActiveMQ brokers, the web console URL and the wire-level protocol endpoints.

      In the Connections section, for Amazon MQ for RabbitMQ brokers, the web console URL and the secure AMQP endpoint.

    • For Amazon MQ for ActiveMQ brokers, in the Users section, the users associated with the broker.

      Important

      Managing users via the Amazon Web Services Management Console and the Amazon MQ API is not supported for Amazon MQ for RabbitMQ brokers.

After listing your broker and viewing broker details, you configure additional settings.

  1. Expand the Additional settings section.

  2. In the Configuration section, choose Create a new configuration with default values or Select an existing configuration. For more information, see Amazon MQ Broker Configuration Parameters.

  3. In the Logs section, choose whether to publish General logs and Audit logs to Amazon CloudWatch Logs. For more information, see Monitoring and logging Amazon MQ brokers.

    Important

    If you don't add the CreateLogGroup permission to your Amazon MQ user before the user creates or reboots the broker, Amazon MQ doesn't create the log group.

    If you don't configure a resource-based policy for Amazon MQ, the broker can't publish the logs to CloudWatch Logs.

  4. In the Network and security section, configure your broker's connectivity:

    1. Do one of the following:

      • Choose Use the default VPC, subnet(s), and security group(s).

      • Choose Select existing VPC, subnet(s), and security group(s).

        1. If you choose this option, you can create a new Virtual Private Cloud (VPC) on the Amazon VPC console, select an existing VPC, or select the default VPC. For more information, see What is Amazon VPC? in the Amazon VPC User Guide.

        2. After you create or select a VPC, you can create new Subnet(s) on the Amazon VPC console or select existing ones. For more information, see VPCs and Subnets in the Amazon VPC User Guide.

        3. After you create or select subnets, you can select the Security group(s).

    2. Choose the customer master key (CMK) that will be used to encrypt your data. See Encryption at rest.

    3. Choose the Public accessibility of your broker.

  5. In the Maintenance section, configure your broker's maintenance schedule:

    1. To upgrade the broker to new versions as Apache releases them, choose Enable automatic minor version upgrades. Automatic upgrades occur during the maintenance window defined by the day of the week, the time of day (in 24-hour format), and the time zone (UTC by default).

      Note

      For an active/standby broker, if one of the broker instances undergoes maintenance, it takes Amazon MQ a short while to take the inactive instance out of service. This allows the healthy standby instance to become active and to begin accepting incoming communications.

    2. Do one of the following:

      • To allow Amazon MQ to select the maintenance window automatically, choose No preference.

      • To set a custom maintenance window, choose Select maintenance window and then specify the Start day and Start time of the upgrades.
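
After a broker is created, the settings chosen above can be reviewed against the output of the DescribeBroker API. The following Python function is an added example, not part of the AWS documentation: it checks a DescribeBroker-style response against the subnet, security group, public accessibility, logging, encryption, and upgrade settings described on this page. The two sample brokers and their identifiers are constructed.

```python
# Added example: offline review of DescribeBroker-style responses.
# Subnet counts per deployment mode are the ones stated on this page.
REQUIRED_SUBNETS = {"SINGLE_INSTANCE": 1, "ACTIVE_STANDBY_MULTI_AZ": 2}

def audit_broker(broker):
    """Return a list of findings for one DescribeBroker response dict."""
    findings = []
    mode = broker.get("DeploymentMode")
    subnets = broker.get("SubnetIds", [])
    need = REQUIRED_SUBNETS.get(mode)
    if need is not None and len(subnets) != need:
        findings.append(f"{mode} requires {need} subnet(s), found {len(subnets)}")
    if not broker.get("SecurityGroups"):
        findings.append("no security group attached")
    if broker.get("PubliclyAccessible"):
        findings.append("public accessibility is enabled")
    logs = broker.get("Logs", {})
    if not logs.get("General"):
        findings.append("general logs are not published to CloudWatch Logs")
    # Audit logging applies to ActiveMQ brokers only.
    if broker.get("EngineType") == "ACTIVEMQ" and not logs.get("Audit"):
        findings.append("audit logs are not published to CloudWatch Logs")
    enc = broker.get("EncryptionOptions", {})
    if enc.get("UseAwsOwnedKey", True) and not enc.get("KmsKeyId"):
        findings.append("no customer-chosen KMS key is configured")
    if not broker.get("AutoMinorVersionUpgrade"):
        findings.append("automatic minor version upgrades are disabled")
    return findings

# Constructed sample responses (placeholder identifiers, not real brokers).
HARDENED = {
    "BrokerName": "MyBroker2", "EngineType": "RABBITMQ",
    "DeploymentMode": "SINGLE_INSTANCE", "SubnetIds": ["subnet-EXAMPLE1"],
    "SecurityGroups": ["sg-EXAMPLE1"], "PubliclyAccessible": False,
    "Logs": {"General": True},
    "EncryptionOptions": {"UseAwsOwnedKey": False, "KmsKeyId": "key-EXAMPLE"},
    "AutoMinorVersionUpgrade": True,
}
WEAK = {
    "BrokerName": "MyBroker", "EngineType": "ACTIVEMQ",
    "DeploymentMode": "ACTIVE_STANDBY_MULTI_AZ", "SubnetIds": ["subnet-EXAMPLE1"],
    "SecurityGroups": ["sg-EXAMPLE1"], "PubliclyAccessible": True,
    "Logs": {"General": False, "Audit": False},
    "EncryptionOptions": {"UseAwsOwnedKey": True},
    "AutoMinorVersionUpgrade": False,
}

if __name__ == "__main__":
    for b in (HARDENED, WEAK):
        print(b["BrokerName"], audit_broker(b))
```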