Service endpoints Broker endpoints Connect to Amazon MQ using Dual-stack (IPv4 and IPv6) endpoints Connect to Amazon MQ using Amazon PrivateLink

Connecting to Amazon MQ

You can connect to Amazon MQ from other Amazon services using service endpoints and broker endpoints.

Service endpoints

The following connection methods are used for the Amazon MQ service API:

Domains	Connection method
`mq.region.amazonaws.com`	IPv4
`mq.region.api.aws`	Dual-stack (IPv4 and IPv6)
`mq-fips.region.amazonaws.com`	FIPS with IPv4 only
`mq-fips.region.api.aws`	FIPS with Dual-stack

Broker endpoints

The following connection methods are used for Amazon MQ brokers:

Domains	Connection method
`brokerId.mq.region.amazonaws.com`	IPv4
`brokerId.mq.region.on.aws`	Dual-stack (IPv4 and IPv6) Note Amazon MQ for ActiveMQ brokers do not support dual-stack.

Connect to Amazon MQ using Dual-stack (IPv4 and IPv6) endpoints

Dual-stack endpoints support both IPv4 and IPv6 traffic. When you make a request to a dual-stack endpoint, the endpoint URL resolves to an IPv4 or an IPv6 address. For more information on dual-stack and FIPS endpoints, see the SDK Reference guide.

Amazon MQ supports Regional dual-stack endpoints, which means that you must specify the Amazon Region as part of the endpoint name. Dual-stack endpoint names use the following naming convention: mq.region.api.amazonwebservices.com.cn. For example, the dual-stack endpoint name for the cn-north-1 Region is mq.cn-north-1.api.amazonwebservices.com.cn.

Amazon MQ supports Regional dual-stack endpoints, which means that you must specify the Amazon Region as part of the endpoint name. Dual-stack endpoint names use the following naming convention: mq.region.api.aws. For example, the dual-stack endpoint name for the eu-west-1 Region is mq.eu-west-1.api.aws.

For the full list of Amazon MQ endpoints, see the Amazon General Reference.

Connect to Amazon MQ using Amazon PrivateLink

Amazon PrivateLink endpoints for Amazon MQ API with support for IPv4 and IPv6 provides private connectivity between virtual private clouds (VPCs) and the Amazon MQ API without exposing your traffic to the public internet.

Note

Support for PrivateLink is only available for the Amazon MQ API endpoint, not the broker endpoint. For more information on privately connecting to a broker endpoint, see Configuring a private Amazon MQ broker.

To access Amazon MQ API using PrivateLink, you must first create an interface VPC endpoint in the specific VPC you want to connect from. When you create the VPC endpoint, use the service name com.amazonaws.region.mq or com.amazonaws.region.mq-fips for FIPS endpoints.

When you call Amazon MQ using the Amazon CLI or SDK, you must specify the endpoint URL to use the dual-stack domain name: mq.region.api.aws or mq-fips.region.api.aws. PrivateLink for Amazon MQ does not support the default domain name ending in amazonaws.com. For more information , see Dual-stack and FIPS endpoints in the SDK Reference Guide.

The following CLI example shows how to call the describe-broker-engine-type in the Asia Pacific (Sydney) Region through an Amazon MQ VPC endpoint.


AWS_USE_DUALSTACK=true aws mq describe-broker-engine-types --region ap-southeast-2

For other ways to configure the endpoint in CLI, see Using endpoints in the Amazon CLI

You can also determine user access to the VPC endpoints using VPC endpoint policies. For more information, see Control access to VPC endpoints using endpoint policies.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Managing a broker

Upgrading the engine version