BOM - AWS MQ

  • Query id: fcb1b388-f558-4b7f-9b6e-f4e98abb7380
  • Query name: BOM - AWS MQ
  • Platform: Terraform
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: Ongoing
  • URL: Github

Description

Lists the Amazon MQ resources found in the scanned Terraform. Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers on AWS.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_mq_broker" "positive1" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.9"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }
}
Positive test num. 2 - tf file
resource "aws_mq_broker" "positive2" {
  broker_name = "example"

  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }

  engine_type        = "RabbitMQ"
  engine_version     = "5.15.9"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]

  user {
    username = "ExampleUser"
    password = "111111111111"
  }

  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }

  encryption_options {
    kms_key_id = var.encryption_options.kms_key_id
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
module "mq_broker" {
  source  = "cloudposse/mq-broker/aws"
  version = "0.14.0"

  namespace                  = "eg"
  stage                      = "test"
  name                       = "mq-broker"
  apply_immediately          = true
  auto_minor_version_upgrade = true
  deployment_mode            = "ACTIVE_STANDBY_MULTI_AZ"
  engine_type                = "ActiveMQ"
  engine_version             = "5.15.14"
  host_instance_type         = "mq.t3.micro"
  publicly_accessible        = false
  general_log_enabled        = true
  audit_log_enabled          = true
  encryption_enabled         = true
  use_aws_owned_key          = true
  vpc_id                     = var.vpc_id
  subnet_ids                 = var.subnet_ids
  security_groups            = var.security_groups
}
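The samples above show the contrast the query relies on: the two positive files declare `aws_mq_broker` resources directly, while the negative file goes through a module, so no `aws_mq_broker` resource block is visible to a scanner that inventories resource blocks. The following Python script is an added illustration of that inventory logic, not KICS's own Rego query; it assumes a simple brace-matched HCL layout and quoted attribute values, and the `SAMPLE_TF` document is constructed from the page's own samples.

```python
import re
from typing import Dict, List

# Constructed sample document: the two positive aws_mq_broker blocks from this
# page plus a trimmed copy of the module from the negative test.
SAMPLE_TF = r'''
resource "aws_mq_broker" "positive1" {
  broker_name = "example"

  engine_type        = "ActiveMQ"
  engine_version     = "5.15.9"
  host_instance_type = "mq.t2.micro"

  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }
}

resource "aws_mq_broker" "positive2" {
  broker_name = "example"

  engine_type        = "RabbitMQ"
  engine_version     = "5.15.9"
  host_instance_type = "mq.t2.micro"

  encryption_options {
    kms_key_id = var.encryption_options.kms_key_id
  }
}

module "mq_broker" {
  source      = "cloudposse/mq-broker/aws"
  engine_type = "ActiveMQ"
}
'''

# Only resource blocks of this type count; a module call is not a resource.
RESOURCE_RE = re.compile(r'resource\s+"aws_mq_broker"\s+"([^"]+)"\s*\{')
# Quoted scalar attributes such as engine_type = "ActiveMQ" (one per line).
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)


def _block_body(text: str, open_idx: int) -> str:
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def mq_bill_of_materials(hcl: str) -> List[Dict[str, object]]:
    """Inventory every aws_mq_broker resource with the attributes a BOM cares about."""
    bom: List[Dict[str, object]] = []
    for m in RESOURCE_RE.finditer(hcl):
        body = _block_body(hcl, m.end() - 1)  # m.end()-1 is the opening brace
        attrs = dict(ATTR_RE.findall(body))
        bom.append({
            "resource": f"aws_mq_broker.{m.group(1)}",
            "engine_type": attrs.get("engine_type"),
            "engine_version": attrs.get("engine_version"),
            "host_instance_type": attrs.get("host_instance_type"),
            # Records whether a customer-managed key block is declared at all.
            "encryption_options_set": bool(
                re.search(r"\bencryption_options\s*\{", body)
            ),
        })
    return bom


if __name__ == "__main__":
    for entry in mq_bill_of_materials(SAMPLE_TF):
        print(entry)
```

Running it lists `positive1` and `positive2` and nothing for the module, which is why the module-based file is the negative sample: the inventory is keyed on the resource type, so brokers created through a wrapper module need the module's own resources scanned to appear in a BOM.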