Amazon MQ for RabbitMQ Authentication and Authorization
Amazon MQ for RabbitMQ supports the following authentication and authorization methods:
Simple authentication and authorization
In this method, broker users are stored internally in the RabbitMQ broker and managed through the web console or management API. Permissions for vhosts, exchanges, queues, and topics are configured directly in RabbitMQ. This is the default method. For more information, see Simple authentication and authorization.
OAuth 2.0 authentication and authorization
In this method, broker users and their permissions are managed by an external OAuth 2.0 identity provider (IdP). User authentication and resource permissions for vhosts, exchanges, queues, and topics are centralized through the OAuth 2.0 provider's scope system. This simplifies user management and enables integration with existing identity systems. For more information, see OAuth 2.0 authentication and authorization.
LDAP authentication and authorization
In this method, broker users and their permissions are managed by an external LDAP directory service. User authentication and resource permissions are centralized through the LDAP server, allowing users to access RabbitMQ using their existing directory service credentials. For more information, see LDAP authentication and authorization.
Note
RabbitMQ allows multiple authentication and authorization methods to be enabled simultaneously. For example, you can enable both OAuth 2.0 and simple (internal) authentication. For more information, see the OAuth 2.0 tutorial section on enabling both OAuth 2.0 and simple (internal) authentication and the RabbitMQ access control documentation.
Amazon MQ recommends creating an internal user when testing authentication configurations. This allows the access configuration to be validated using the RabbitMQ management API. For more information, see Access validation.
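The following Python script is an added example, not code from the Amazon MQ documentation or from RabbitMQ. It shows the simple (internal) method and the validation step described above end to end: an administrator creates an internal test user through the RabbitMQ management HTTP API, grants it least-privilege vhost permissions (regular expressions that RabbitMQ matches against resource names, where `^$` denies an operation entirely), and then authenticates as that user with `GET /api/whoami` and reads back its stored permissions to confirm what it can and cannot reach. The broker URL, user names, passwords and the `orders.*` resource names are constructed placeholders; the assumption that the management API is reached over HTTPS at the broker's web console URL is noted in the code. The transport is injectable so the flow can be exercised without a broker.

```python
"""Create a least-privilege internal RabbitMQ user via the management API,
then validate its access. Added example; all names and URLs are placeholders."""
import base64
import json
import re
import urllib.request
from urllib.parse import quote


def _basic_auth(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def build_request(base_url, method, path, auth, body=None):
    """Return (method, url, headers, body bytes) for one management API call."""
    data = None if body is None else json.dumps(body).encode()
    headers = {"Authorization": _basic_auth(*auth),
               "Content-Type": "application/json"}
    return method, base_url.rstrip("/") + path, headers, data


def http_send(method, url, headers, data):
    """Real transport: send the request and return decoded JSON ({} for empty bodies).
    Assumption: on Amazon MQ the API sits under https://<broker console host>/api/."""
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def _seg(name):
    # Percent-encode path segments; the default vhost "/" becomes "%2F"
    return quote(name, safe="")


class ManagementClient:
    def __init__(self, base_url, admin_auth, send=http_send):
        self.base_url = base_url
        self.auth = admin_auth          # (user, password) of an administrator
        self.send = send                # injectable transport for offline testing

    def _call(self, method, path, body=None, auth=None):
        return self.send(*build_request(self.base_url, method, path,
                                        auth or self.auth, body))

    def create_user(self, name, password, tags=""):
        # PUT /api/users/{name}; an empty tag string gives no management role
        return self._call("PUT", f"/api/users/{_seg(name)}",
                          {"password": password, "tags": tags})

    def set_permissions(self, vhost, user, configure, write, read):
        # Each value is a regex matched against exchange/queue names in the vhost
        path = f"/api/permissions/{_seg(vhost)}/{_seg(user)}"
        return self._call("PUT", path,
                          {"configure": configure, "write": write, "read": read})

    def set_topic_permissions(self, vhost, user, exchange, write, read):
        # Topic permissions restrict routing keys on a topic exchange
        path = f"/api/topic-permissions/{_seg(vhost)}/{_seg(user)}"
        return self._call("PUT", path,
                          {"exchange": exchange, "write": write, "read": read})

    def whoami(self, user_auth):
        # Calling GET /api/whoami with the new user's credentials proves they authenticate
        return self._call("GET", "/api/whoami", auth=user_auth)

    def permissions_for(self, vhost, user):
        return self._call("GET", f"/api/permissions/{_seg(vhost)}/{_seg(user)}")


def check_effective_access(perms, resource, operation):
    """Evaluate a resource name against the stored regex the way RabbitMQ does (full match)."""
    return re.fullmatch(perms[operation], resource) is not None


def validate_access(client, vhost, user, password, checks):
    """Authenticate as the test user, then report which (resource, operation) pairs it may use."""
    identity = client.whoami((user, password))
    if identity.get("name") != user:
        raise RuntimeError(f"authentication as {user} failed")
    perms = client.permissions_for(vhost, user)
    return {(res, op): check_effective_access(perms, res, op) for res, op in checks}


if __name__ == "__main__":
    # Placeholder broker console URL and credentials (constructed, not real)
    client = ManagementClient("https://b-EXAMPLE.mq.us-east-1.amazonaws.com",
                              ("admin", "ADMIN-PASSWORD-PLACEHOLDER"))
    client.create_user("orders-svc", "SERVICE-PASSWORD-PLACEHOLDER")
    # No configure rights, publish only to orders.* , consume only orders.events
    client.set_permissions("/", "orders-svc", "^$", r"^orders\..*$", r"^orders\.events$")
    print(validate_access(client, "/", "orders-svc", "SERVICE-PASSWORD-PLACEHOLDER",
                          [("orders.events", "read"), ("billing.events", "read")]))
```

The fixed `tags=""` default is deliberate: a service account used to validate the configuration should not receive the `administrator` or `management` tag, and the `configure` regex `^$` keeps it from declaring or deleting exchanges and queues even if the client library tries to.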