Amazon MQ broker doesn't have log exports feature

Logging and monitoring

Amazon MQ broker doesn’t have log exports feature

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

HITRUST
Orca Best Practices

Description

Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that allows setting up and operating message brokers. It was detected that MQ broker {AwsMqBroker} doesn't have log exports feature, therefore logging data is not published to Amazon CloudWatch logs. Without log exports, it may be harder to monitor broker activity.

Recommended Mitigation

It is recommended to enable log exports when creating MQ broker, or to reconfigure the logs if the broker already exist, by choosing the relevant broker -> 'Edit' -> under 'CloudWatch Logs' check the boxes of 'General' and 'Audit'. For more information: https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-editing-broker-preferences.html or https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-rabbitmq-editing-broker-preferences.html

Amazon MQ broker doesn’t have log exports feature

Description

Need help?