Medium

Ensure Amazon MQ brokers Auto Minor Version Upgrade feature is enabled

Security & Compliance
Description

To ensure that your Amazon MQ brokers receive minor engine upgrades as soon as Apache releases new versions, it is recommended to enable the Auto Minor Version Upgrade feature. The upgrades will be applied automatically during the broker maintenance window, which is defined by the day of the week, time of day, and time zone (UTC by default). It is important to note that each version upgrade is only made available after it has been thoroughly tested and approved by Amazon Web Services.

Remediation

Here are some remediation steps you can take to ensure that the Auto Minor Version Upgrade feature is enabled for your Amazon MQ brokers:

  1. Log in to the AWS Management Console and navigate to the Amazon MQ console.
  2. Select the Amazon MQ broker for which you want to enable the Auto Minor Version Upgrade feature.
  3. Click on the "Configuration" tab and scroll down to the "Version upgrades" section.
  4. Check the "Auto Minor Version Upgrade" box to enable the feature.
  5. Review the "Maintenance window" settings to ensure they are configured to your desired values.
  6. Click on the "Save changes" button to apply the configuration changes.
  7. Repeat these steps for each Amazon MQ broker that you want to enable the Auto Minor Version Upgrade feature for.

By following these remediation steps, you can ensure that the Auto Minor Version Upgrade feature is enabled for your Amazon MQ brokers. This will allow you to receive automatic minor engine upgrades as soon as Apache releases new versions, and keep your brokers up-to-date with the latest security patches and bug fixes.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.