Amazon MQ broker is publicly accessible

Network misconfigurations

Amazon MQ broker is publicly accessible

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

HITRUST
NIST 800-53
Orca Best Practices

Description

Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that allows setting up and operating message brokers. It was detected that MQ broker {AwsMqBroker} is publicly accessible, which means every machine on the Internet can reach it through their public endpoints. It will increase the risk of malicious activity such as cross-site scripting(XSS), clickjacking and DDoS attacks.

Recommended Mitigation

It is recommended to disable public access when creating MQ broker. For more information: https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/using-amazon-mq-securely.html#prefer-brokers-without-public-accessibility

Amazon MQ broker is publicly accessible

Description

Need help?