Ensure that your Amazon MQ brokers have the Auto Minor Version Upgrade feature enabled in order to receive automatically minor engine upgrades, as Apache releases new versions. Automatic upgrades occur during the broker maintenance window, defined by the day of the week, the time of day, and the time zone (UTC by default). Each version upgrade is available only after it is tested and approved by Amazon Web Services.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
AWS MQ is a managed service for Apache ActiveMQ, a popular open-source message broker. As AWS MQ deprecates minor engine versions and provide new ones for upgrade, it is highly recommended that the new versions of the engine are automatically applied. When the last version number within the release is replaced (i.e. 5.15.0 to 5.15.x), the version changed is considered minor. With Auto Minor Version Upgrade feature enabled, the version upgrades will occur automatically during the specified maintenance window so that your AWS MQ brokers can get the new software features, bug fixes and security patches.
To determine if your Amazon MQ brokers have Auto Minor Version Upgrade feature enabled, perform the following actions:
Remediation / Resolution
To enable Auto Minor Version Upgrade feature for your existing Amazon MQ brokers, you must re-create them with the necessary configuration. To relaunch the required MQ brokers, perform the following:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
MQ Auto Minor Version Upgrade
Risk level: Medium