Connect to Amazon MQ using Dual-stack (IPv4 and IPv6) endpoints Connect to Amazon MQ using Amazon PrivateLink

Connecting to Amazon MQ

You can connect to Amazon MQ from multiple sources such as other Amazon services using service endpoints. Amazon MQ supports the following connection methods:

IPv4 only
IPv6 only
Dual-stack (IPv4 and IPv6)
FIPS
Amazon PrivateLink

The following connection methods are used for the Amazon MQ service API:

Connection method	Domains
IPv4	`mq.region.amazonaws.com`
Dual-stack (IPv4 and IPv6)	`mq.region.api.aws`
FIPS with IPv4 only	`mq-fips.region.amazonaws.com`
FIPS with Dual-stack	`mq-fips.region.api.aws`

The following connection methods are used for Amazon MQ brokers:

Connection method	Domains
IPv4	`brokerId.mq.region.amazonaws.com`

Connect to Amazon MQ using Dual-stack (IPv4 and IPv6) endpoints

Dual-stack endpoints support both IPv4 and IPv6 traffic. When you make a request to a dual-stack endpoint, the endpoint URL resolves to an IPv4 or an IPv6 address. You can turn on access to dual-stack endpoints using the SDK, a configuration file, or an environment variable. For more information on dual-stack and FIPS endpoints, see the SDK Reference guide.

Amazon MQ supports Regional dual-stack endpoints, which means that you must specify the Amazon Region as part of the endpoint name. Dual-stack endpoint names use the following naming convention: mq.region.api.amazonwebservices.com.cn. For example, the dual-stack endpoint name for the cn-north-1 Region is mq.cn-north-1.api.amazonwebservices.com.cn.

Amazon MQ supports Regional dual-stack endpoints, which means that you must specify the Amazon Region as part of the endpoint name. Dual-stack endpoint names use the following naming convention: mq.region.api.aws. For example, the dual-stack endpoint name for the eu-west-1 Region is mq.eu-west-1.api.aws.

For the full list of Amazon MQ endpoints, see the Amazon General Reference.

Connect to Amazon MQ using Amazon PrivateLink

Amazon PrivateLink endpoints for Amazon MQ API with support for IPv4 and IPv6 provides private connectivity between virtual private clouds (VPCs) and the Amazon MQ API without exposing your traffic to the public internet.

Note

Support for PrivateLink is only available for the Amazon MQ API endpoint, not the broker endpoint. For more information on privately connecting to a broker endpoint, see Accessing the Amazon MQ broker web console without public accessibility.

Note

PrivateLink for Amazon MQ is not supported in the Asia Pacific (Thailand) and Mexico (Central) Regions.

To access Amazon MQ API using PrivateLink, you must first create an interface VPC endpoint in the specific VPC you want to connect from. When you create the VPC endpoint, use the service name com.amazonaws.region.mq or com.amazonaws.region.mq-fips for FIPS endpoints.

When you call Amazon MQ using the Amazon CLI or SDK, you must specify the endpoint URL to use the dual-stack domain name: mq.region.api.aws or mq-fips.region.api.aws. PrivateLink for Amazon MQ does not support the default domain name ending in amazonaws.com. For more information , see Dual-stack and FIPS endpoints in the SDK Reference Guide.

The following CLI example shows how to call the describe-broker-engine-type in the Asia Pacific (Sydney) Region through an Amazon MQ VPC endpoint.


aws mq describe-broker-engine-types --endpoint-url https://mq.ap-southeast-2.api.aws --region ap-southeast-2

For other ways to configure the endpoint in CLI, see Using endpoints in the Amazon CLI

You can also determine user access to the VPC endpoints using VPC endpoint policies. For more information, see Control access to VPC endpoints using endpoint policies.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Managing a broker

Upgrading the engine version