Description

Amazon MQ integrates with AWS CloudWatch Logs, a service that monitors, stores, and provides access to log files from various sources within your AWS account. When the Log Exports feature is enabled, Amazon MQ sends general and audit logs to AWS CloudWatch Logs, allowing you to maintain continuous visibility into your broker's activity and meet auditing compliance requirements. The Log Exports feature supports two log types: General log, which enables the default ActiveMQ INFO logging level and publishes activemq.log to an Amazon CloudWatch log group in your account, and Audit log, which logs management actions taken through JMX or the ActiveMQ Web Console. It's recommended to select both general and audit logs for publishing to AWS CloudWatch Logs when enabling the Log Exports feature.

Remediation

To ensure that the Log Exports feature is enabled for your Amazon MQ brokers, follow these remediation steps:

  1. Open the Amazon MQ console.
  2. In the left navigation pane, click on "Brokers".
  3. Select the broker that you want to configure.
  4. In the "Actions" drop-down menu, select "Edit".
  5. In the "Broker details" section, scroll down to the "Log Exports" option.
  6. Check the box next to "Enabled" to enable log exports for this broker.
  7. Select "General Log" and "Audit Log" to enable publishing of both types of logs to AWS CloudWatch Logs.
  8. Choose an existing CloudWatch Log group or create a new one.
  9. Click on "Save changes" to apply the changes to the broker.

Once these steps are completed, Amazon MQ will start publishing both general and audit logs to the specified CloudWatch Logs log group. You will then be able to access and monitor the logs in real time from the CloudWatch Logs console.
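
To check the same setting across every broker in a region instead of one at a time in the console, the following added example (not Lightlytics or AWS code) uses the boto3 "mq" client calls list_brokers, describe_broker and update_broker. The helper names are hypothetical, and it assumes audit logs are expected only on ActiveMQ-engine brokers, since the audit log covers JMX and ActiveMQ Web Console actions.

```python
"""Audit Amazon MQ brokers for the Log Exports setting (added example)."""


def wanted_logs(broker):
    """Log types that should be on for this broker's engine."""
    wanted = {"General": True}
    # Assumption: audit logs record JMX / ActiveMQ Web Console management
    # actions, so they are only requested for ActiveMQ brokers.
    if broker.get("EngineType", "").upper() == "ACTIVEMQ":
        wanted["Audit"] = True
    return wanted


def log_export_gaps(broker):
    """Return the log types still missing from one DescribeBroker response."""
    logs = broker.get("Logs") or {}
    # "Pending" holds a requested change that is not deployed yet; treat it
    # as the target state so a broker is not flagged (or updated) twice.
    pending = logs.get("Pending") or {}
    return [t for t in wanted_logs(broker)
            if not pending.get(t, logs.get(t, False))]


def audit_brokers(client, remediate=False):
    """Map broker id -> missing log types; optionally request the fix."""
    findings, token = {}, None
    while True:
        page = client.list_brokers(**({"NextToken": token} if token else {}))
        for summary in page.get("BrokerSummaries", []):
            broker_id = summary["BrokerId"]
            broker = client.describe_broker(BrokerId=broker_id)
            findings[broker_id] = log_export_gaps(broker)
            if findings[broker_id] and remediate:
                client.update_broker(BrokerId=broker_id, Logs=wanted_logs(broker))
        token = page.get("NextToken")
        if not token:
            return findings


if __name__ == "__main__":
    import boto3  # needs credentials allowing mq:ListBrokers and mq:DescribeBroker

    for broker_id, gaps in audit_brokers(boto3.client("mq")).items():
        print(broker_id, "OK" if not gaps else "missing: " + ", ".join(gaps))
```

Run it read-only first; passing remediate=True additionally requires mq:UpdateBroker and should be tested outside production, as with the console steps.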

Enforced Resources

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.