Ensure that your Amazon MQ brokers have the Auto Minor Version Upgrade feature enabled so that they automatically receive minor engine upgrades as Apache releases new versions. Automatic upgrades occur during the broker maintenance window, which is defined by the day of the week, the time of day, and the time zone (UTC by default). Each version upgrade becomes available only after it has been tested and approved by Amazon Web Services (AWS).
This rule can help you with the following compliance standards:
- APRA
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Amazon MQ is a managed service for Apache ActiveMQ, a popular open-source message broker. As AWS MQ deprecates minor engine versions and provides new ones for upgrade, it is highly recommended that new engine versions are applied automatically. When the last version number within the release is replaced (e.g. 5.15.0 to 5.15.x), the version change is considered minor. With the Auto Minor Version Upgrade feature enabled, version upgrades occur automatically during the specified maintenance window, so your Amazon MQ brokers receive new software features, bug fixes and security patches.
Audit
To determine if the Auto Minor Version Upgrade feature is enabled for your Amazon MQ brokers, perform the following actions:
Remediation / Resolution
To enable the Auto Minor Version Upgrade feature for your Amazon MQ brokers, perform the following actions:
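An added example, not taken from the Conformity rule page: a Python check that reads `aws mq describe-broker` output, reports every broker whose `AutoMinorVersionUpgrade` flag is not enabled, and builds the matching `update-broker` and `reboot-broker` commands. The broker IDs, names and the `us-east-1` region are constructed sample values, and rebooting to apply the change is an assumption based on `reboot-broker` appearing in the references.

```python
import json
import shlex

# Constructed sample: one describe-broker response per broker, trimmed to the
# fields this check reads. IDs and names are made up for the example.
SAMPLE_DESCRIBE_OUTPUT = """
[
  {"BrokerId": "b-1111aaaa-example", "BrokerName": "orders-prod",
   "EngineType": "ACTIVEMQ", "EngineVersion": "5.15.0",
   "AutoMinorVersionUpgrade": false,
   "MaintenanceWindowStartTime":
     {"DayOfWeek": "SUNDAY", "TimeOfDay": "02:00", "TimeZone": "UTC"}},
  {"BrokerId": "b-2222bbbb-example", "BrokerName": "billing-prod",
   "EngineType": "ACTIVEMQ", "EngineVersion": "5.15.0",
   "AutoMinorVersionUpgrade": true,
   "MaintenanceWindowStartTime":
     {"DayOfWeek": "MONDAY", "TimeOfDay": "03:30", "TimeZone": "UTC"}},
  {"BrokerId": "b-3333cccc-example", "BrokerName": "legacy-queue",
   "EngineType": "ACTIVEMQ", "EngineVersion": "5.15.0"}
]
"""

def audit_brokers(brokers):
    """Return one finding per broker without Auto Minor Version Upgrade."""
    findings = []
    for broker in brokers:
        # Only an explicit boolean true passes; a missing or malformed value
        # is reported rather than silently treated as compliant.
        if broker.get("AutoMinorVersionUpgrade") is True:
            continue
        window = broker.get("MaintenanceWindowStartTime") or {}
        findings.append({
            "BrokerId": broker["BrokerId"],
            "BrokerName": broker.get("BrokerName", ""),
            "EngineVersion": broker.get("EngineVersion", "unknown"),
            "Window": "{} {} {}".format(window.get("DayOfWeek", "?"),
                                        window.get("TimeOfDay", "?"),
                                        window.get("TimeZone", "UTC")),
        })
    return findings

def remediation_commands(finding, region):
    """Build the AWS CLI calls for one finding (printed, never executed here)."""
    broker_id, reg = shlex.quote(finding["BrokerId"]), shlex.quote(region)
    base = "--region {} --broker-id {}".format(reg, broker_id)
    return ["aws mq update-broker {} --auto-minor-version-upgrade".format(base),
            # Assumption: a reboot applies the change; it interrupts the broker.
            "aws mq reboot-broker {}".format(base)]

if __name__ == "__main__":
    for f in audit_brokers(json.loads(SAMPLE_DESCRIBE_OUTPUT)):
        print("NON-COMPLIANT", f["BrokerId"], f["BrokerName"], f["Window"])
        print("\n".join(remediation_commands(f, "us-east-1")))
```

In practice the input list comes from running `aws mq list-brokers` and then `aws mq describe-broker --broker-id <id>` for each broker in each region you operate in.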
References
- AWS Documentation
  - Amazon MQ
  - Amazon MQ Basic Elements
  - Getting Started with Amazon MQ
  - Tutorial: Creating and Configuring an Amazon MQ Broker
  - Tutorial: Deleting an Amazon MQ Broker
- AWS Command Line Interface (CLI) Documentation
  - list-brokers
  - describe-broker
  - update-broker
  - reboot-broker