To minimize security risks and protect sensitive data, it is important to ensure that the Amazon MQ brokers provisioned in your AWS account are not publicly accessible from the Internet. Depending on their use cases, the level of access to your MQ brokers may vary. However, for most use cases, it is recommended by Cloud Conformity to configure the MQ brokers to be privately accessible only from within your AWS Virtual Private Cloud (VPC). Public Amazon MQ brokers can be accessed directly, without the need for a VPC, which exposes them to potential security threats such as cross-site scripting (XSS) and clickjacking attacks. This can be a major security risk as every machine on the Internet can reach your brokers through their public endpoints.


Here are some remediation steps you can take to ensure that your Amazon MQ brokers are not publicly accessible:

  1. Log in to the AWS Management Console and navigate to the Amazon MQ console.
  2. Select the Amazon MQ broker for which you want to modify the accessibility.
  3. Click on the "Configuration" tab and scroll down to the "Network & security" section.
  4. Check the "Publicly accessible" setting and ensure that it is set to "No".
  5. If the "Publicly accessible" setting is set to "Yes", stop the broker instance.
  6. Modify the "Publicly accessible" setting to "No" to prevent external access.
  7. Start the broker instance and verify that it is not publicly accessible.
  8. Repeat these steps for each Amazon MQ broker instance to ensure that they are not publicly accessible.

By following these remediation steps, you can ensure that your Amazon MQ brokers are not publicly accessible from the Internet, thus minimizing security risks and protecting sensitive data. This will help you to comply with internal security requirements and best practices, while also ensuring the confidentiality and integrity of your data.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.