Configure additional Amazon MQ broker settings

You can configure additional settings for your broker in the console during the broker creation process. These settings may include configurations, VPCs, and public accessibility.

Important
  • Subnet(s) – A single-instance broker requires one subnet (for example, the default subnet). An active/standby broker requires two subnets.

  • Security group(s) – Both single-instance brokers and active/standby brokers require at least one security group (for example, the default security group).

  • VPC – A broker's subnet(s) and security group(s) must be in the same VPC. EC2-Classic resources aren't supported. Amazon MQ only supports default VPC tenancy, and does not support dedicated VPC tenancy.

  • Encryption – Choose the customer master key to encrypt your data. See Encryption at rest.

  • Public accessibility – Disabling public accessibility makes the broker accessible only within your VPC. For more information, see Prefer brokers without public accessibility and Accessing the Amazon MQ broker web console without public accessibility.

  1. Expand the Additional settings section.

  2. In the Configuration section, choose Create a new configuration with default values or Select an existing configuration. For more information, see Amazon MQ Broker Configuration Parameters.

  3. In the Logs section, choose whether to publish General logs and Audit logs to Amazon CloudWatch Logs. For more information, see Monitoring and logging Amazon MQ brokers.

    Important

    If you don't add the CreateLogGroup permission to your Amazon MQ user before the user creates or reboots the broker, Amazon MQ doesn't create the log group.

    If you don't configure a resource-based policy for Amazon MQ, the broker can't publish the logs to CloudWatch Logs.

  4. In the Network and security section, configure your broker's connectivity:

    1. Do one of the following:

      • Choose Use the default VPC, subnet(s), and security group(s).

      • Choose Select existing VPC, subnet(s), and security group(s).

        1. If you choose this option, you can create a new Virtual Private Cloud (VPC) on the Amazon VPC console, select an existing VPC, or select the default VPC. For more information, see What is Amazon VPC? in the Amazon VPC User Guide.

        2. After you create or select a VPC, you can create new Subnet(s) on the Amazon VPC console or select existing ones. For more information, see VPCs and Subnets in the Amazon VPC User Guide.

        3. After you create or select subnets, you can select the Security group(s).

    2. Choose the customer master key (CMK) that will be used to encrypt your data. See Encryption at rest.

    3. Choose the Public accessibility of your broker.

  5. In the Maintenance section, configure your broker's maintenance schedule:

    1. To upgrade the broker to new versions as Apache releases them, choose Enable automatic minor version upgrades. Automatic upgrades occur during the maintenance window defined by the day of the week, the time of day (in 24-hour format), and the time zone (UTC by default).

      Note

      For an active/standby broker, if one of the broker instances undergoes maintenance, it takes Amazon MQ a short while to take the inactive instance out of service. This allows the healthy standby instance to become active and to begin accepting incoming communications.

    2. Do one of the following:

      • To allow Amazon MQ to select the maintenance window automatically, choose No preference.

      • To set a custom maintenance window, choose Select maintenance window and then specify the Start day and Start time of the upgrades.
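The network, logging, and maintenance choices above can be checked before a broker is created. The following is an added example, not AWS's own code: the field names follow the Amazon MQ CreateBroker request shape as exposed by boto3, while the function name, the severity labels, and the sample request are assumptions made for illustration.

```python
import re

# Subnet counts stated on this page, keyed by the API's DeploymentMode values.
REQUIRED_SUBNETS = {"SINGLE_INSTANCE": 1, "ACTIVE_STANDBY_MULTI_AZ": 2}
DAYS = {"MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"}
HHMM = re.compile(r"^([01]\d|2[0-3]):[0-5]\d$")  # 24-hour time of day


def check_broker_settings(req):
    """Return (severity, message) findings for a CreateBroker-style dict (hypothetical helper)."""
    findings = []
    mode = req.get("DeploymentMode")
    subnets = req.get("SubnetIds", [])
    want = REQUIRED_SUBNETS.get(mode)
    if want is None:
        findings.append(("error", f"deployment mode {mode!r} is not covered by this check"))
    elif len(subnets) != want:
        findings.append(("error", f"{mode} requires {want} subnet(s), got {len(subnets)}"))
    if not req.get("SecurityGroups"):
        findings.append(("error", "at least one security group is required"))
    if req.get("PubliclyAccessible", False):
        findings.append(("warn", "broker is publicly accessible; reachable from outside the VPC"))
    logs = req.get("Logs", {})
    for kind in ("General", "Audit"):
        if not logs.get(kind, False):
            findings.append(("review", f"{kind} logs are not published to CloudWatch Logs"))
    window = req.get("MaintenanceWindowStartTime")
    if window is not None:
        if window.get("DayOfWeek") not in DAYS:
            findings.append(("error", "maintenance window DayOfWeek is invalid"))
        if not HHMM.match(str(window.get("TimeOfDay", ""))):
            findings.append(("error", "maintenance window TimeOfDay must be 24-hour HH:MM"))
    return findings


# Constructed sample request (IDs are placeholders, not real resources).
SAMPLE = {
    "DeploymentMode": "ACTIVE_STANDBY_MULTI_AZ",
    "SubnetIds": ["subnet-EXAMPLE1"],
    "SecurityGroups": ["sg-EXAMPLE1"],
    "PubliclyAccessible": True,
    "Logs": {"General": True, "Audit": False},
    "MaintenanceWindowStartTime": {"DayOfWeek": "SUNDAY", "TimeOfDay": "25:00", "TimeZone": "UTC"},
}

if __name__ == "__main__":
    for severity, message in check_broker_settings(SAMPLE):
        print(f"[{severity}] {message}")
```

The "review" findings are informational: publishing General and Audit logs is optional on this page, so the check only reports which are off.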