Best practice rules for Amazon MQ
Trend Micro Cloud One™ – Conformity monitors Amazon MQ with the following rules:
- MQ Auto Minor Version Upgrade
Ensure Auto Minor Version Upgrade is enabled for MQ to automatically receive minor engine upgrades during the maintenance window.
- MQ Deployment Mode
Ensure MQ brokers are using the active/standby deployment mode for high availability.
- MQ Desired Broker Instance Type
Ensure that all your Amazon MQ broker instances are of a given type.
- MQ Engine Version
Ensure that the latest version of the Apache ActiveMQ engine is used for your AWS MQ brokers.
- MQ Log Exports
Ensure that your Amazon MQ brokers have the Log Exports feature enabled.
- MQ Network of Brokers
Ensure that Amazon MQ brokers are using the network of brokers configuration.
- Publicly Accessible MQ Brokers
Ensure AWS MQ brokers aren't publicly accessible in order to avoid exposing sensitive data and minimize security risks.