MQ Deployment Mode

01 Sign in to the AWS Management Console.

02 Navigate to Amazon MQ console at https://console.aws.amazon.com/amazon-mq/.

03 In the main navigation panel, under Amazon MQ, click Brokers.

04 Click on the name (link) of the MQ broker that you want to examine.

05 In the Details section, check the Deployment mode attribute value listed under Specifications to determine the deployment mode used by the selected MQ broker. If the attribute value is set to Single-instance broker, the active/standby deployment mode is not enabled for the selected Amazon MQ broker, therefore your broker is not configured for high availability.

06 Repeat steps no. 4 and 5 for each Amazon MQ broker available within the current AWS region.

07 Change the AWS cloud region from the navigation bar and repeat the Audit process for other AWS regions.

01 Run list-brokers command (OSX/Linux/UNIX) with custom query filters to list the ID of each Amazon MQ brokers available in the selected AWS region:

aws mq list-brokers
  --region us-east-1
  --query 'BrokerSummaries[*].BrokerId'

02 The command output should return the requested MQ broker IDs:

[
	"b-aaaabbbb-cccc-dddd-eeee-aaaabbbbcccc",
	"b-bbbbcccc-dddd-eeee-ffff-bbbbccccdddd"
]

03 Run describe-broker command (OSX/Linux/UNIX) using the ID of the Amazon MQ broker that you want to examine as the identifier parameter, to describe the deployment mode used by the selected MQ broker:

aws mq describe-broker
  --region us-east-1
  --broker-id b-aaaabbbb-cccc-dddd-eeee-aaaabbbbcccc
  --query 'DeploymentMode'

04 The command output should return the deployment mode used by the specified broker:

"SINGLE_INSTANCE"

05 Repeat steps no. 4 and 5 for each Amazon MQ broker available in the selected AWS region.

06 Change the AWS cloud region by updating the --region command parameter value and repeat the Audit process for other AWS regions.

01 CloudFormation template (JSON):

{
	"AWSTemplateFormatVersion": "2010-09-09",
	"Description": "Multi-AZ Deployment Mode",
	"Resources": {
		"MQBroker": {
			"Type": "AWS::AmazonMQ::Broker",
			"Properties": {
				"BrokerName": "cc-ha-production-broker",
				"EngineType": "ActiveMQ",
				"EngineVersion": "5.15.0",
				"HostInstanceType": "mq.m5.large",
				"AutoMinorVersionUpgrade": "true",
				"PubliclyAccessible": "false",
				"SecurityGroups": [
					"sg-01234abcd1234abcd"
				],
				"Users": [
					{
						"Password": "brokeruser",
						"Username": "brokerpassword"
					}
				],
				"SubnetIds": [
					"subnet-0abcd1234abcd1234",
					"subnet-01234abcd1234abcd"
				],
				"DeploymentMode": "ACTIVE_STANDBY_MULTI_AZ"
			}
		}
	}
}

02 CloudFormation template (YAML):

AWSTemplateFormatVersion: '2010-09-09'
	Description: Multi-AZ Deployment Mode
	Resources:
	MQBroker:
		Type: AWS::AmazonMQ::Broker
		Properties:
			BrokerName: cc-ha-production-broker
			EngineType: ActiveMQ
			EngineVersion: 5.15.0
			HostInstanceType: mq.m5.large
			AutoMinorVersionUpgrade: 'true'
			PubliclyAccessible: 'false'
			SecurityGroups:
				- sg-01234abcd1234abcd
			Users:
				- Password: brokeruser
				Username: brokerpassword
			SubnetIds:
				- subnet-0abcd1234abcd1234
				- subnet-01234abcd1234abcd
			DeploymentMode: ACTIVE_STANDBY_MULTI_AZ

01 Terraform configuration file (.tf):

terraform {
	required_providers {
		aws = {
			source  = "hashicorp/aws"
			version = "~> 4.0"
		}
	}

	required_version = ">= 0.14.9"
}

provider "aws" {
	profile = "default"
	region  = "us-east-1"
}

resource "aws_mq_broker" "mq-broker" {
	broker_name                = "cc-internal-broker"
	engine_type                = "ActiveMQ"
	engine_version             = "5.15.0"
	host_instance_type         = "mq.m5.large"
	auto_minor_version_upgrade = true
	publicly_accessible        = false
	security_groups            = ["sg-01234abcd1234abcd"]
	user {
		username = "brokeruser"
		password = "brokerpassword"
	}

	# Multi-AZ Deployment Mode
	subnet_ids      = ["subnet-0abcd1234abcd1234","subnet-01234abcd1234abcd"]
	deployment_mode = "ACTIVE_STANDBY_MULTI_AZ"
}

01 Sign in to the AWS Management Console.

02 Navigate to Amazon MQ console at https://console.aws.amazon.com/amazon-mq/.

03 In the main navigation panel, under Amazon MQ, click Brokers.

04 Click on the name (link) of the MQ broker that you want to re-create.

05 On the selected MQ broker page, collect the broker configuration information such as Broker instance type, Broker engine, Broker engine version, Configuration name and revision, Security and network information, and Maintenance information, as well as the user and tagging information available in the Users and Tags sections.

06 Navigate back to the Brokers listing page and choose Create brokers to initiate the setup process.

07 For Step 1 Select broker engine, choose Apache ActiveMQ for the broker engine type. Choose Next to continue the setup process.

08 For Step 2 Select deployment and storage type, select Active/standby broker for Deployment mode to enable the active/standby deployment mode for the new Amazon MQ broker. Choose Next to continue the broker setup.

09 For Step 3 Configure settings, provide a unique name for the new broker, and configure the required settings for your new MQ broker using the configuration, tagging, and user information collected at step no. 5. Choose Next to continue.

10 For Step 4 Review and create, review the broker configuration information and choose Create broker to launch your new Amazon MQ broker.

11 After the new MQ broker is created, you can replace the broker endpoint(s) within your application.

12 If required, repeat steps no. 4 – 11 to enable the active/standby deployment mode for each Amazon MQ broker available within the current AWS region.

13 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other AWS regions.

01 Run describe-broker command (OSX/Linux/UNIX) using the ID of the Amazon MQ broker that you want to relaunch as the identifier parameter, to describe the configuration information for the specified (single-instance) broker:

aws mq describe-broker
  --region us-east-1
  --broker-id b-aaaabbbb-cccc-dddd-eeee-aaaabbbbcccc

02 The command output should return the configuration information available for the selected MQ broker:

{
	"MaintenanceWindowStartTime": {
		"DayOfWeek": "MONDAY",
		"TimeZone": "UTC",
		"TimeOfDay": "01:00"
	},
	"PubliclyAccessible": true,
	"EngineVersion": "5.15.0",
	"EngineType": "ActiveMQ",
	"DeploymentMode": "SINGLE_INSTANCE",


	...

	"HostInstanceType": "mq.m5.large",
	"SubnetIds": [
		"subnet-0abcd1234abcd1234",
		"subnet-01234abcd1234abcd"
	],
	"AutoMinorVersionUpgrade": false,
	"BrokerArn": "arn:aws:mq:us-east-1:123456789012:broker:cc-production-broker:b-aaaabbbb-cccc-dddd-eeee-aaaabbbbcccc",
	"BrokerId": "b-aaaabbbb-cccc-dddd-eeee-aaaabbbbcccc",
	"BrokerName": "cc-production-broker",
	"SecurityGroups": [
		"sg-01234abcd1234abcd"
	]
}

03 Run create-broker command (OSX/Linux/UNIX) using the configuration information returned at the previous step to relaunch the selected Amazon MQ broker in two different Availability Zones (AZs) by enabling the active/standby deployment mode with the --deployment-mode parameter value set to ACTIVE_STANDBY_MULTI_AZ:

aws mq create-broker
  --region us-east-1
  --broker-name cc-ha-production-broker
  --configuration Id="c-aaaabbbb-cccc-dddd-eeee-aaaabbbbcccc",Revision=1
  --deployment-mode ACTIVE_STANDBY_MULTI_AZ
  --engine-type ACTIVEMQ
  --engine-version 5.15.0
  --host-instance-type mq.m5.large
  --security-groups "sg-01234abcd1234abcd"
  --subnet-ids "subnet-0abcd1234abcd1234" "subnet-01234abcd1234abcd"
  --users ConsoleAccess=true,Username="brokeruser",Password="brokerpasswd"
  --publicly-accessible
  --auto-minor-version-upgrade

04 The command output should return the new Amazon MQ broker identifiers (broker ARN and ID):

{
	"BrokerArn": "arn:aws:mq:us-east-1:123456789012:broker:cc-ha-production-broker:b-bbbbcccc-dddd-eeee-ffff-bbbbccccdddd",
	"BrokerId": "b-bbbbcccc-dddd-eeee-ffff-bbbbccccdddd"
}

05 After the new MQ broker is created, you can replace the broker endpoint(s) within your application.

06 If required, repeat steps no. 1 – 5 to enable the active/standby deployment mode for each Amazon MQ broker available in the selected AWS region.

07 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 – 6 to perform the Remediation process for other regions.