AWS::AmazonMQ::Broker - AWS CloudFormation


AWS::AmazonMQ::Broker

Creates a broker. Note: This API is asynchronous.

To create a broker, you must either use the AmazonMQFullAccess IAM policy or include the following EC2 permissions in your IAM policy.

  • ec2:CreateNetworkInterface

    This permission is required to allow Amazon MQ to create an elastic network interface (ENI) on behalf of your account.

  • ec2:CreateNetworkInterfacePermission

    This permission is required to attach the ENI to the broker instance.

  • ec2:DeleteNetworkInterface

  • ec2:DeleteNetworkInterfacePermission

  • ec2:DetachNetworkInterface

  • ec2:DescribeInternetGateways

  • ec2:DescribeNetworkInterfaces

  • ec2:DescribeNetworkInterfacePermissions

  • ec2:DescribeRouteTables

  • ec2:DescribeSecurityGroups

  • ec2:DescribeSubnets

  • ec2:DescribeVpcs

For more information, see Create an IAM User and Get Your AWS Credentials and Never Modify or Delete the Amazon MQ Elastic Network Interface in the Amazon MQ Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::AmazonMQ::Broker",
  "Properties" : {
    "AuthenticationStrategy" : String,
    "AutoMinorVersionUpgrade" : Boolean,
    "BrokerName" : String,
    "Configuration" : ConfigurationId,
    "DataReplicationMode" : String,
    "DataReplicationPrimaryBrokerArn" : String,
    "DeploymentMode" : String,
    "EncryptionOptions" : EncryptionOptions,
    "EngineType" : String,
    "EngineVersion" : String,
    "HostInstanceType" : String,
    "LdapServerMetadata" : LdapServerMetadata,
    "Logs" : LogList,
    "MaintenanceWindowStartTime" : MaintenanceWindow,
    "PubliclyAccessible" : Boolean,
    "SecurityGroups" : [ String, ... ],
    "StorageType" : String,
    "SubnetIds" : [ String, ... ],
    "Tags" : [ TagsEntry, ... ],
    "Users" : [ User, ... ]
  }
}

Properties

AuthenticationStrategy

Optional. The authentication strategy used to secure the broker. The default is SIMPLE.

Required: No

Type: String

Update requires: Replacement

AutoMinorVersionUpgrade

Enables automatic upgrades to new patch versions for brokers as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window or after a manual broker reboot. Set to true by default, if no value is specified.

Note

Must be set to true for ActiveMQ brokers version 5.18 and above and for RabbitMQ brokers version 3.13 and above.

Required: No

Type: Boolean

Update requires: No interruption

BrokerName

Required. The broker's name. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.

Important

Do not add personally identifiable information (PII) or other confidential or sensitive information in broker names. Broker names are accessible to other AWS services, including CloudWatch Logs. Broker names are not intended to be used for private or sensitive data.

Required: Yes

Type: String

Pattern: ^[0-9A-Za-z_-]{1,50}$

Update requires: Replacement

Configuration

A list of information about the configuration.

Required: No

Type: ConfigurationId

Update requires: Some interruptions

DataReplicationMode

Defines whether this broker is a part of a data replication pair.

Required: No

Type: String

Allowed values: NONE | CRDR

Update requires: No interruption

DataReplicationPrimaryBrokerArn

The Amazon Resource Name (ARN) of the primary broker that is used to replicate data from in a data replication pair, and is applied to the replica broker. Must be set when dataReplicationMode is set to CRDR.

Required: No

Type: String

Pattern: ^arn:.*

Update requires: No interruption

DeploymentMode

Required. The broker's deployment mode.

Required: Yes

Type: String

Allowed values: SINGLE_INSTANCE | ACTIVE_STANDBY_MULTI_AZ | CLUSTER_MULTI_AZ

Update requires: Replacement

EncryptionOptions

Encryption options for the broker.

Required: No

Type: EncryptionOptions

Update requires: Replacement

EngineType

Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.

Required: Yes

Type: String

Allowed values: ACTIVEMQ | RABBITMQ

Update requires: Replacement

EngineVersion

The broker engine version. Defaults to the latest available version for the specified broker engine type. For more information, see the ActiveMQ version management and the RabbitMQ version management sections in the Amazon MQ Developer Guide.

Required: No

Type: String

Update requires: No interruption

HostInstanceType

Required. The broker's instance type.

Required: Yes

Type: String

Update requires: Some interruptions

LdapServerMetadata

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers.

Required: No

Type: LdapServerMetadata

Update requires: No interruption

Logs

Enables Amazon CloudWatch logging for brokers.

Required: No

Type: LogList

Update requires: No interruption

MaintenanceWindowStartTime

The parameters that determine the WeeklyStartTime.

Required: No

Type: MaintenanceWindow

Update requires: No interruption

PubliclyAccessible

Enables connections from applications outside of the VPC that hosts the broker's subnets. Set to false by default, if no value is provided.

Required: Yes

Type: Boolean

Update requires: Replacement

SecurityGroups

The list of rules (1 minimum, 125 maximum) that authorize connections to brokers.

Required: No

Type: Array of String

Minimum: 1

Maximum: 5

Update requires: No interruption

StorageType

The broker's storage type.

Required: No

Type: String

Allowed values: EBS | EFS

Update requires: Replacement

SubnetIds

The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ Amazon MQ for ActiveMQ deployment requires two subnets. A CLUSTER_MULTI_AZ Amazon MQ for RabbitMQ deployment has no subnet requirements when deployed with public accessibility. Deployment without public accessibility requires at least one subnet.

Important

If you specify subnets in a shared VPC for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account. Amazon MQ will not be able to create VPC endpoints in VPCs that are not owned by your AWS account.

Required: No

Type: Array of String

Update requires: Replacement

Tags

Create tags when creating the broker.

Required: No

Type: Array of TagsEntry

Update requires: No interruption

Users

The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.

When OAuth 2.0 is enabled, the broker accepts one or no users.

Required: No

Type: Array of User

Update requires: No interruption
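A static check that encodes the property constraints documented above (the BrokerName pattern, the required PubliclyAccessible flag, the AutoMinorVersionUpgrade version floors, the CRDR primary-broker ARN, RabbitMQ's single-user and no-LDAP rules) and flags two settings a reviewer looks for in a broker template: public accessibility and credentials written as literals. This is an added example, not AWS tooling; it takes the already-parsed Properties mapping of one broker, and treats a `{{resolve:...}}` dynamic reference or an intrinsic function as the non-literal form of a password, a CloudFormation convention assumed here rather than stated on this page.

```python
"""Checks for AWS::AmazonMQ::Broker Properties, per the constraints documented above (added example)."""
import re

NAME_RE = re.compile(r"^[0-9A-Za-z_-]{1,50}$")
MODES = {"SINGLE_INSTANCE", "ACTIVE_STANDBY_MULTI_AZ", "CLUSTER_MULTI_AZ"}
# Engine versions from which AutoMinorVersionUpgrade must be true (see the Note above)
MIN_AUTO_UPGRADE = {"ACTIVEMQ": (5, 18), "RABBITMQ": (3, 13)}

def _true(v):
    # CloudFormation accepts booleans and the strings "true"/"false"
    return v is True or str(v).lower() == "true"

def _version(v):
    # "5.15.0" -> (5, 15); non-numeric parts are ignored
    return tuple(int(x) for x in str(v).split(".")[:2] if x.isdigit())

def check_broker(p):
    """Return a list of finding strings for one broker's Properties mapping."""
    f = []
    engine = str(p.get("EngineType", "")).upper()
    if not NAME_RE.match(str(p.get("BrokerName", ""))):
        f.append("BrokerName must match ^[0-9A-Za-z_-]{1,50}$")
    if engine not in MIN_AUTO_UPGRADE:
        f.append("EngineType must be ACTIVEMQ or RABBITMQ")
    if p.get("DeploymentMode") not in MODES:
        f.append("DeploymentMode missing or not an allowed value")
    if "PubliclyAccessible" not in p:
        f.append("PubliclyAccessible is required")
    elif _true(p["PubliclyAccessible"]):
        f.append("PubliclyAccessible is true: reachable from outside the VPC")
    ver = p.get("EngineVersion")  # absent means the latest available version
    floor = MIN_AUTO_UPGRADE.get(engine)
    if floor and (ver is None or _version(ver) >= floor) \
            and not _true(p.get("AutoMinorVersionUpgrade", True)):
        f.append("AutoMinorVersionUpgrade must be true for this engine version")
    if p.get("DataReplicationMode") == "CRDR" and \
            not str(p.get("DataReplicationPrimaryBrokerArn", "")).startswith("arn:"):
        f.append("CRDR requires DataReplicationPrimaryBrokerArn matching ^arn:.*")
    if engine == "RABBITMQ" and "LdapServerMetadata" in p:
        f.append("LdapServerMetadata does not apply to RabbitMQ brokers")
    users = p.get("Users") or []
    if engine == "RABBITMQ" and len(users) > 1:
        f.append("RabbitMQ accepts one administrative user at creation")
    for u in users:
        pw = u.get("Password")  # a plain string that is not a {{resolve:...}} reference
        if isinstance(pw, str) and not pw.startswith("{{resolve:"):
            f.append(f"Users/{u.get('Username')}: password is a literal in the template")
    if engine == "ACTIVEMQ" and not _true((p.get("Logs") or {}).get("Audit")):
        f.append("Logs.Audit is not enabled for this ActiveMQ broker")
    return f
```

Run against the basic ActiveMQ example below, it reports the public endpoint, the literal password and the missing audit log; a template that keeps the broker private, enables audit logging and references the password from Secrets Manager produces no findings.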

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon MQ broker ID. For example:

b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

AmqpEndpoints

The AMQP endpoints of each broker instance as a list of strings.

amqp+ssl://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:5671

Arn

The Amazon Resource Name (ARN) of the Amazon MQ broker.

arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9

ConfigurationId

The unique ID that Amazon MQ generates for the configuration.

c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9

ConfigurationRevision

The revision number of the configuration.

1

ConsoleURLs

Property description not available.

EngineVersionCurrent

Property description not available.

IpAddresses

The IP addresses of each broker instance as a list of strings. Does not apply to RabbitMQ brokers.

['198.51.100.2', '203.0.113.9']

MqttEndpoints

The MQTT endpoints of each broker instance as a list of strings.

mqtt+ssl://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:8883

OpenWireEndpoints

The OpenWire endpoints of each broker instance as a list of strings.

ssl://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:61617

StompEndpoints

The STOMP endpoints of each broker instance as a list of strings.

stomp+ssl://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:61614

WssEndpoints

The WSS endpoints of each broker instance as a list of strings.

wss://b-4aada85d-a80c-4be0-9d30-e344a01b921e-1.mq.eu-central-amazonaws.com:61619

Examples

Basic Amazon MQ Broker

The following examples create a basic Amazon MQ broker. The RabbitMQ example creates a broker with one administrative user, while the ActiveMQ example creates a broker with one user that belongs to a group.

JSON

{
  "Description": "Create a basic Amazon MQ for ActiveMQ broker",
  "Resources": {
    "BasicBroker": {
      "Type": "AWS::AmazonMQ::Broker",
      "Properties": {
        "AutoMinorVersionUpgrade": "false",
        "BrokerName": "MyBasicActiveBroker",
        "DeploymentMode": "SINGLE_INSTANCE",
        "EngineType": "ActiveMQ",
        "EngineVersion": "5.15.0",
        "HostInstanceType": "mq.t2.micro",
        "PubliclyAccessible": "true",
        "Users": [
          {
            "ConsoleAccess": "true",
            "Groups": [ "MyGroup" ],
            "Password": "AmazonMqPassword",
            "Username": "AmazonMqUsername"
          }
        ]
      }
    }
  }
}

JSON

{
  "Description": "Create a basic Amazon MQ for RabbitMQ broker",
  "Resources": {
    "BasicBroker": {
      "Type": "AWS::AmazonMQ::Broker",
      "Properties": {
        "AutoMinorVersionUpgrade": "false",
        "BrokerName": "MyBasicRabbitBroker",
        "DeploymentMode": "SINGLE_INSTANCE",
        "EngineType": "RabbitMQ",
        "EngineVersion": "3.8.6",
        "HostInstanceType": "mq.t3.micro",
        "PubliclyAccessible": "true",
        "Users": [
          {
            "Password": "AmazonMqPassword",
            "Username": "AmazonMqUsername"
          }
        ]
      }
    }
  }
}

YAML

---
Description: "Create a basic Amazon MQ for ActiveMQ broker"
Resources:
  BasicBroker:
    Type: "AWS::AmazonMQ::Broker"
    Properties:
      AutoMinorVersionUpgrade: "false"
      BrokerName: MyBasicActiveBroker
      DeploymentMode: SINGLE_INSTANCE
      EngineType: ActiveMQ
      EngineVersion: "5.15.0"
      HostInstanceType: mq.t2.micro
      PubliclyAccessible: "true"
      Users:
        - ConsoleAccess: "true"
          Groups:
            - MyGroup
          Password: AmazonMqPassword
          Username: AmazonMqUsername

YAML

---
Description: "Create a basic Amazon MQ for RabbitMQ broker"
Resources:
  BasicBroker:
    Type: "AWS::AmazonMQ::Broker"
    Properties:
      AutoMinorVersionUpgrade: "false"
      BrokerName: MyBasicRabbitBroker
      DeploymentMode: SINGLE_INSTANCE
      EngineType: RabbitMQ
      EngineVersion: "3.8.6"
      HostInstanceType: mq.t3.micro
      PubliclyAccessible: "true"
      Users:
        - Password: AmazonMqPassword
          Username: AmazonMqUsername

Complex Amazon MQ Broker

The following example creates a complex Amazon MQ broker. The ActiveMQ example creates a broker with two users that don't belong to a group and one user that belongs in a group. The RabbitMQ example creates one administrator user, which can then create and manage other users via the RabbitMQ web console or the management API.

JSON

{
  "Description": "Create a complex, single-instance Amazon MQ for ActiveMQ broker",
  "Resources": {
    "ComplexBroker": {
      "Type": "AWS::AmazonMQ::Broker",
      "Properties": {
        "AutoMinorVersionUpgrade": "false",
        "BrokerName": "MyComplexActiveBroker",
        "Configuration": {
          "Id": { "Ref": "Configuration1" },
          "Revision": { "Fn::GetAtt": [ "Configuration1", "Revision" ] }
        },
        "DeploymentMode": "SINGLE_INSTANCE",
        "EngineType": "ActiveMQ",
        "EngineVersion": "5.15.0",
        "HostInstanceType": "mq.t2.micro",
        "Logs": {
          "General": true,
          "Audit": false
        },
        "MaintenanceWindowStartTime": {
          "DayOfWeek": "Monday",
          "TimeOfDay": "22:45",
          "TimeZone": "America/Los_Angeles"
        },
        "PubliclyAccessible": "true",
        "SecurityGroups": [ "sg-a1b234cd", "sg-e5f678gh" ],
        "SubnetIds": [ "subnet-12a3b45c", "subnet-67d8e90f" ],
        "Users": [
          {
            "ConsoleAccess": "true",
            "Password": "AmazonMqPassword",
            "Username": "AmazonMqUsername"
          },
          {
            "Password": "AmazonMqPassword2",
            "Username": "AmazonMqUsername2"
          },
          {
            "Groups": [ "MyGroup1", "MyGroup2" ],
            "Password": "AmazonMqPassword3",
            "Username": "AmazonMqUsername3"
          }
        ]
      }
    }
  }
}

JSON

{
  "Description": "Create a complex, single-instance Amazon MQ RabbitMQ broker without public accessibility",
  "Resources": {
    "ComplexBroker": {
      "Type": "AWS::AmazonMQ::Broker",
      "Properties": {
        "AutoMinorVersionUpgrade": "true",
        "BrokerName": "MyComplexRabbitBroker",
        "DeploymentMode": "SINGLE_INSTANCE",
        "EngineType": "RabbitMQ",
        "EngineVersion": "3.8.6",
        "HostInstanceType": "mq.t3.micro",
        "Logs": {
          "General": true
        },
        "MaintenanceWindowStartTime": {
          "DayOfWeek": "Monday",
          "TimeOfDay": "22:45",
          "TimeZone": "America/Los_Angeles"
        },
        "PubliclyAccessible": "false",
        "SecurityGroups": [ "sg-1a234b5cd6efgh7i8" ],
        "SubnetIds": [ "subnet-123456b7891abcd1f" ],
        "Users": [
          {
            "Password": "AmazonMqPassword",
            "Username": "AmazonMqUsername"
          }
        ]
      }
    }
  }
}

YAML

Description: Create a complex, single-instance Amazon MQ for ActiveMQ broker
Resources:
  ComplexBroker:
    Type: 'AWS::AmazonMQ::Broker'
    Properties:
      AutoMinorVersionUpgrade: 'false'
      BrokerName: MyComplexActiveBroker
      Configuration:
        Id: !Ref Configuration1
        Revision: !GetAtt
          - Configuration1
          - Revision
      DeploymentMode: SINGLE_INSTANCE
      EngineType: ActiveMQ
      EngineVersion: 5.15.0
      HostInstanceType: mq.t2.micro
      Logs:
        General: true
        Audit: false
      MaintenanceWindowStartTime:
        DayOfWeek: Monday
        TimeOfDay: '22:45'
        TimeZone: America/Los_Angeles
      PubliclyAccessible: 'true'
      SecurityGroups:
        - sg-a1b234cd
        - sg-e5f678gh
      SubnetIds:
        - subnet-12a3b45c
        - subnet-67d8e90f
      Users:
        - ConsoleAccess: 'true'
          Password: AmazonMqPassword
          Username: AmazonMqUsername
        - Password: AmazonMqPassword2
          Username: AmazonMqUsername2
        - Groups:
            - MyGroup1
            - MyGroup2
          Password: AmazonMqPassword3
          Username: AmazonMqUsername3

YAML

Description: Create a single-instance Amazon MQ for RabbitMQ broker without public accessibility
Resources:
  ComplexBroker:
    Type: 'AWS::AmazonMQ::Broker'
    Properties:
      AutoMinorVersionUpgrade: false
      BrokerName: MyComplexRabbitBroker
      DeploymentMode: SINGLE_INSTANCE
      EngineType: RabbitMQ
      EngineVersion: 3.8.6
      HostInstanceType: mq.t3.micro
      Logs:
        General: true
      MaintenanceWindowStartTime:
        DayOfWeek: Monday
        TimeOfDay: '22:45'
        TimeZone: America/Los_Angeles
      PubliclyAccessible: false
      SecurityGroups:
        - 'sg-1a234b5cd6efgh7i8'
      SubnetIds:
        - 'subnet-123456b7891abcd1f'
      Users:
        - Password: AmazonMqPassword
          Username: AmazonMqUsername