AWS::AmazonMQ::Broker
A broker is a message broker environment running on Amazon MQ. It is the basic building block of Amazon MQ.
The AWS::AmazonMQ::Broker resource lets you create Amazon MQ brokers, add configuration changes or modify users for the specified broker, return information about the specified broker, and delete the specified broker. For more information, see Amazon MQ Basic Elements in the Amazon MQ Developer Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::AmazonMQ::Broker",
  "Properties" : {
    "AutoMinorVersionUpgrade" : Boolean,
    "BrokerName" : String,
    "Users" : [ User, ... ],
    "Configuration" : ConfigurationId,
    "DeploymentMode" : String,
    "EngineType" : String,
    "EngineVersion" : String,
    "HostInstanceType" : String,
    "Logs" : LogsConfiguration,
    "MaintenanceWindowStartTime" : MaintenanceWindow,
    "PubliclyAccessible" : Boolean,
    "SecurityGroups" : [ String, ... ],
    "SubnetIds" : [ String, ... ]
  }
}
YAML
Type: "AWS::AmazonMQ::Broker"
Properties:
  AutoMinorVersionUpgrade: Boolean
  BrokerName: String
  Users:
    - User
  Configuration: ConfigurationId
  DeploymentMode: String
  EngineType: String
  EngineVersion: String
  HostInstanceType: String
  Logs: LogsConfiguration
  MaintenanceWindowStartTime: MaintenanceWindow
  PubliclyAccessible: Boolean
  SecurityGroups:
    - String
  SubnetIds:
    - String
Properties
AutoMinorVersionUpgrade-
Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions. The automatic upgrades occur during the maintenance window of the broker or after a manual broker reboot.
Required: Yes
Type: Boolean
Update requires: No interruption
BrokerName-
The name of the broker. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain whitespaces, brackets, wildcard characters, or special characters.
Required: Yes
Type: String
Update requires: Replacement
Users-
The list of all ActiveMQ usernames for the specified broker.
Required: Yes
Type: List of User property types
Update requires: Some interruptions
Configuration-
The broker configuration. If no configuration exists for a broker, Amazon MQ creates a default configuration.
Note
You can use AWS CloudFormation to modify—but not delete—an Amazon MQ configuration.
Required: No
Type: ConfigurationId
Update requires: Some interruptions
DeploymentMode-
The deployment mode of the broker.
SINGLE_INSTANCE creates a single-instance broker in a single Availability Zone.
ACTIVE_STANDBY_MULTI_AZ creates an active/standby broker for high availability.
Required: Yes
Type: String
Update requires: Replacement
EngineType-
The type of broker engine.
Note
Currently, Amazon MQ supports only ACTIVEMQ.
Required: Yes
Type: String
Update requires: Replacement
EngineVersion-
The version of the broker engine.
Note
For a list of supported engine versions, see: Broker Engine.
Required: Yes
Type: String
Update requires: Some interruptions
HostInstanceType-
The broker's instance type. For more information, see Instance Types in the Amazon MQ Developer Guide.
Required: Yes
Type: String
Update requires: Replacement
Logs-
The Amazon CloudWatch Logs configuration for the broker.
Required: No
Type: LogsConfiguration
Update requires: Some interruptions
MaintenanceWindowStartTime-
The parameters that determine the WeeklyStartTime.
Required: No
Type: MaintenanceWindow
Update requires: Replacement
PubliclyAccessible-
Enables connections from applications outside of the VPC that hosts the broker's subnets.
Required: Yes
Type: Boolean
Update requires: Replacement
SecurityGroups-
The list of rules (1 minimum, 125 maximum) that authorize connections to brokers.
Required: No
Type: List of String values
Update requires: Replacement
SubnetIds-
The list of groups (2 maximum) that define which subnets and IP ranges the broker can use from different Availability Zones. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment requires two subnets.
Required: No
Type: List of String values
Update requires: Replacement
Return Values
Ref
When you pass the logical ID of an AWS::AmazonMQ::Broker resource to
the intrinsic Ref function, the function returns the Amazon MQ broker ID. For
example:
b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
For more information about using the Ref function, see Ref.
Fn::GetAtt
Fn::GetAtt returns a value for a specified attribute of this type. The following are the available
attributes and sample return values.
Arn-
The Amazon Resource Name (ARN) of the Amazon MQ broker.
arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
ConfigurationId-
The unique ID that Amazon MQ generates for the configuration.
c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
ConfigurationRevision-
The revision number of the configuration.
1
IpAddresses-
The IP addresses of each broker instance as a list of strings.
['198.51.100.2', '203.0.113.9']
MqttEndpoints-
The MQTT endpoints of each broker instance as a list of strings.
mqtt+ssl://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:8883
OpenWireEndpoints-
The OpenWire endpoints of each broker instance as a list of strings.
ssl://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:61617
AmqpEndpoints-
The AMQP endpoints of each broker instance as a list of strings.
amqp+ssl://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:5671
StompEndpoints-
The STOMP endpoints of each broker instance as a list of strings.
stomp+ssl://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:61614
WssEndpoints-
The WSS endpoints of each broker instance as a list of strings.
wss://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:61619
For more information about using Fn::GetAtt, see Fn::GetAtt.
Examples
Basic Amazon MQ Broker
The following example creates a basic Amazon MQ broker with one user that belongs to a group.
Note
We don't recommend including plaintext passwords in AWS CloudFormation templates.
To securely retrieve your user credentials, add a Ref to your template.
For example, you can create a Lambda function and use it to retrieve encrypted credentials
stored in a DynamoDB table.
For more information, see Using AWS Lambda with Amazon DynamoDB
in the AWS Lambda Developer Guide.
JSON
{
  "Description": "Create a basic AmazonMQ broker",
  "Resources": {
    "BasicBroker": {
      "Type": "AWS::AmazonMQ::Broker",
      "Properties": {
        "AutoMinorVersionUpgrade": "false",
        "BrokerName": "MyBasicBroker",
        "DeploymentMode": "SINGLE_INSTANCE",
        "EngineType": "ActiveMQ",
        "EngineVersion": "5.15.0",
        "HostInstanceType": "mq.t2.micro",
        "PubliclyAccessible": "true",
        "Users": [
          {
            "ConsoleAccess": "true",
            "Groups": [
              "MyGroup"
            ],
            "Password" : { "Ref" : "AmazonMqPassword" },
            "Username" : { "Ref" : "AmazonMqUsername" }
          }
        ]
      }
    }
  }
}
YAML
---
Description: "Create a basic AmazonMQ broker"
Resources:
  BasicBroker:
    Type: "AWS::AmazonMQ::Broker"
    Properties:
      AutoMinorVersionUpgrade: "false"
      BrokerName: MyBasicBroker
      DeploymentMode: SINGLE_INSTANCE
      EngineType: ActiveMQ
      EngineVersion: "5.15.0"
      HostInstanceType: mq.t2.micro
      PubliclyAccessible: "true"
      Users:
        - ConsoleAccess: "true"
          Groups:
            - MyGroup
          Password:
            Ref: "BrokerPassword"
          Username:
            Ref: "BrokerUsername"
Complex Amazon MQ Broker
The following example creates a complex Amazon MQ broker with two users that don't belong to a group and one user that belongs in a group.
Note
We don't recommend including plaintext passwords in AWS CloudFormation templates.
To securely retrieve your user credentials, add a Ref to your template.
For example, you can create a Lambda function and use it to retrieve encrypted credentials
stored in a DynamoDB table.
For more information, see Using AWS Lambda with Amazon DynamoDB
in the AWS Lambda Developer Guide.
JSON
{
  "Description": "Create a complex AmazonMQ broker",
  "Resources": {
    "ComplexBroker": {
      "Type": "AWS::AmazonMQ::Broker",
      "Properties": {
        "AutoMinorVersionUpgrade": "false",
        "BrokerName": "MyComplexBroker",
        "Configuration": {
          "Id": { "Ref": "Configuration1" },
          "Revision" : { "Fn::GetAtt": ["Configuration1", "Revision"] }
        },
        "DeploymentMode": "SINGLE_INSTANCE",
        "EngineType": "ActiveMQ",
        "EngineVersion": "5.15.0",
        "HostInstanceType": "mq.t2.micro",
        "Logs": {
          "General": true,
          "Audit": false
        },
        "MaintenanceWindowStartTime": {
          "DayOfWeek": "Monday",
          "TimeOfDay": "22:45",
          "TimeZone": "America/Los_Angeles"
        },
        "PubliclyAccessible": "true",
        "SecurityGroups": [
          "sg-a1b234cd",
          "sg-e5f678gh"
        ],
        "SubnetIds": [
          "subnet-12a3b45c",
          "subnet-67d8e90f"
        ],
        "Users": [{
          "ConsoleAccess": "true",
          "Password" : { "Ref" : "AmazonMqPassword1" },
          "Username" : { "Ref" : "AmazonMqUsername1" }
        }, {
          "Password" : { "Ref" : "AmazonMqPassword2" },
          "Username" : { "Ref" : "AmazonMqUsername2" }
        }, {
          "Groups": [
            "MyGroup1",
            "MyGroup2"
          ],
          "Password" : { "Ref" : "AmazonMqPassword3" },
          "Username" : { "Ref" : "AmazonMqUsername3" }
        }]
      }
    }
  }
}
YAML
---
Description: "Create a complex AmazonMQ broker"
Resources:
  ComplexBroker:
    Type: "AWS::AmazonMQ::Broker"
    Properties:
      AutoMinorVersionUpgrade: "false"
      BrokerName: MyComplexBroker
      Configuration:
        Id: !GetAtt Configuration1.Id
        Revision: !GetAtt Configuration1.Revision
      DeploymentMode: SINGLE_INSTANCE
      EngineType: ActiveMQ
      EngineVersion: "5.15.0"
      HostInstanceType: mq.t2.micro
      Logs:
        General: "true"
        Audit: "false"
      MaintenanceWindowStartTime:
        DayOfWeek: Monday
        TimeOfDay: "22:45"
        TimeZone: America/Los_Angeles
      PubliclyAccessible: "true"
      SecurityGroups:
        - "sg-a1b234cd"
        - "sg-e5f678gh"
      SubnetIds:
        - "subnet-12a3b45c"
        - "subnet-67d8e90f"
      Users:
        - ConsoleAccess: "true"
          Password:
            Ref: "BrokerPassword1"
          Username:
            Ref: "BrokerUsername1"
        - Password:
            Ref: "BrokerPassword2"
          Username:
            Ref: "BrokerUsername2"
        - Groups:
            - MyGroup1
            - MyGroup2
          Password:
            Ref: "BrokerPassword3"
          Username:
            Ref: "BrokerUsername3"
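Pre-deployment check for the settings the notes and property descriptions above single out (plaintext passwords, PubliclyAccessible, audit logs). This is an added example, not part of the AWS documentation: it reviews a template already parsed from JSON into a Python dict. The function name, finding strings and sample template are constructed for illustration, and the checks for the NoEcho parameter attribute and {{resolve:...}} dynamic references rely on CloudFormation features this page does not describe.

```python
BROKER_TYPE = "AWS::AmazonMQ::Broker"

def _is_true(value):
    # The page's examples write booleans both as true and as "true".
    return value is True or str(value).lower() == "true"

def audit_brokers(template):
    """Return (logical_id, finding) pairs for each broker in a parsed template."""
    findings = []
    params = template.get("Parameters", {})
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != BROKER_TYPE:
            continue
        props = res.get("Properties", {})
        if _is_true(props.get("PubliclyAccessible")):
            findings.append((name, "PubliclyAccessible is true"))
        if not _is_true(props.get("Logs", {}).get("Audit")):
            findings.append((name, "audit logging not enabled"))
        for user in props.get("Users", []):
            pw = user.get("Password")
            if isinstance(pw, str) and not pw.startswith("{{resolve:"):
                # A literal string is a hard-coded secret; {{resolve:...}} is not.
                findings.append((name, "plaintext Password in template"))
            elif isinstance(pw, dict) and "Ref" in pw:
                # A Ref is only as private as the parameter behind it.
                if not _is_true(params.get(pw["Ref"], {}).get("NoEcho")):
                    findings.append((name, f"parameter {pw['Ref']} lacks NoEcho"))
    return findings

# Constructed sample modelled on the page's brokers: one user with a
# hard-coded password, and a password parameter declared without NoEcho.
SAMPLE = {
    "Parameters": {"AmazonMqPassword": {"Type": "String"}},
    "Resources": {"BasicBroker": {
        "Type": BROKER_TYPE,
        "Properties": {
            "PubliclyAccessible": "true",
            "Logs": {"General": True, "Audit": False},
            "Users": [
                {"Username": {"Ref": "AmazonMqUsername"},
                 "Password": {"Ref": "AmazonMqPassword"}},
                {"Username": "ops", "Password": "constructed-example-pw"},
            ],
        },
    }},
}

if __name__ == "__main__":
    print(*audit_brokers(SAMPLE), sep="\n")
```

A Ref whose parameter is not declared in the template at all, as in the fragments above, is reported the same way as one declared without NoEcho.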
