Amazon MQ Now Supports Resource-Level and Tag-Based Permissions

Posted on: Apr 29, 2019

You can now define AWS Identity and Access Management (IAM) policies to specify fine-grained permissions for specific brokers based on resource names and tags, improving the security of broker management. 

Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud. Amazon MQ manages the administration and maintenance of ActiveMQ, which means the underlying infrastructure is automatically provisioned for high availability and message durability to support the reliability of your applications.  

With resource-level permissions, you can configure IAM policies that reference Amazon MQ brokers using Amazon Resource Names (ARNs) or wildcards, and specify the users and actions that are permitted on only those brokers.  

Using tag-based permissions, you can define IAM policies that specify permissions for tagged brokers. For example, you can tag Amazon MQ brokers based on business units and limit control over those brokers to members of that business unit. When new brokers are created with tags, the corresponding IAM permissions are automatically applied. 
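The two approaches described above, combined in one identity-based policy. This is an added example, not part of the original announcement; the account ID, Region, `payments-` broker name prefix and `BusinessUnit` tag key and value are constructed placeholders. The `Sid` values label each statement because JSON policies cannot carry comments.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ResourceLevelByArnWildcard",
      "Effect": "Allow",
      "Action": [
        "mq:DescribeBroker",
        "mq:RebootBroker"
      ],
      "Resource": "arn:aws:mq:us-east-1:111122223333:broker:payments-*"
    },
    {
      "Sid": "TagBasedByBusinessUnit",
      "Effect": "Allow",
      "Action": [
        "mq:UpdateBroker",
        "mq:DeleteBroker"
      ],
      "Resource": "arn:aws:mq:us-east-1:111122223333:broker:*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/BusinessUnit": "payments"
        }
      }
    }
  ]
}
```

The first statement scopes actions by broker ARN pattern; the second allows update and delete only on brokers tagged `BusinessUnit=payments`, so a broker created later with that tag is covered without editing the policy.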

To learn more, see Amazon MQ Security in the Amazon MQ Developer Guide.