MQ Broker Is Publicly Accessible
- Query id: 4eb5f791-c861-4afd-9f94-f2a6a3fe49cb
- Query name: MQ Broker Is Publicly Accessible
- Platform: Terraform
- Severity: High
- Category: Insecure Configurations
- CWE: 284
- URL: Github
Description
Checks that no MQ broker is publicly accessible: an `aws_mq_broker` resource should not set `publicly_accessible = true`.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_mq_broker" "positive1" {
  broker_name = "example"
  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }
  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]
  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }
  # Flagged by this query: the broker is declared publicly accessible.
  publicly_accessible = true
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_mq_broker" "negative1" {
  broker_name = "example"
  configuration {
    id       = aws_mq_configuration.test.id
    revision = aws_mq_configuration.test.latest_revision
  }
  engine_type        = "ActiveMQ"
  engine_version     = "5.15.0"
  host_instance_type = "mq.t2.micro"
  security_groups    = [aws_security_group.test.id]
  user {
    username = "ExampleUser"
    password = "MindTheGap"
  }
  # publicly_accessible is not set, so this query does not flag the broker.
}