Component: mq-broker
This component is responsible for provisioning an AmazonMQ broker and corresponding security group.
Usage
Stack Level: Regional
Here's an example snippet for how to use this component.
components:
  terraform:
    mq-broker:
      vars:
        enabled: true
        apply_immediately: true
        auto_minor_version_upgrade: true
        deployment_mode: "ACTIVE_STANDBY_MULTI_AZ"
        engine_type: "ActiveMQ"
        engine_version: "5.15.14"
        host_instance_type: "mq.t3.micro"
        publicly_accessible: false
        general_log_enabled: true
        audit_log_enabled: true
        encryption_enabled: true
        use_aws_owned_key: true
Requirements
Name | Version |
---|---|
terraform | >= 0.13.0 |
aws | >= 3.0 |
local | >= 1.3 |
template | >= 2.2 |
utils | >= 0.3.0 |
Providers
No providers.
Modules
Name | Source | Version |
---|---|---|
eks | cloudposse/stack-config/yaml//modules/remote-state | 1.4.1 |
iam_roles | ../account-map/modules/iam-roles | n/a |
mq_broker | cloudposse/mq-broker/aws | 0.14.0 |
this | cloudposse/label/null | 0.24.1 |
vpc | cloudposse/stack-config/yaml//modules/remote-state | 1.4.1 |
Resources
No resources.
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_tag_map | Additional tags for appending to tags_as_list_of_maps. Not added to tags. | map(string) | {} | no |
allowed_cidr_blocks | List of CIDR blocks that are allowed ingress to the broker's Security Group created in the module | list(string) | [] | no |
allowed_security_groups | List of security groups to be allowed to connect to the broker instance | list(string) | [] | no |
apply_immediately | Specifies whether any cluster modifications are applied immediately, or during the next maintenance window | bool | false | no |
attributes | Additional attributes (e.g. 1) | list(string) | [] | no |
audit_log_enabled | Enables audit logging. User management action made using JMX or the ActiveMQ Web Console is logged | bool | true | no |
auto_minor_version_upgrade | Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions | bool | false | no |
context | Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. | any | | no |
delimiter | Delimiter to be used between namespace, environment, stage, name and attributes. Defaults to - (hyphen). Set to "" to use no delimiter at all. | string | null | no |
deployment_mode | The deployment mode of the broker. Supported: SINGLE_INSTANCE and ACTIVE_STANDBY_MULTI_AZ | string | "ACTIVE_STANDBY_MULTI_AZ" | no |
enabled | Set to false to prevent the module from creating any resources | bool | null | no |
encryption_enabled | Flag to enable/disable Amazon MQ encryption at rest | bool | true | no |
engine_type | Type of broker engine, ActiveMQ or RabbitMQ | string | "ActiveMQ" | no |
engine_version | The version of the broker engine. See https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html for more details | string | "5.15.14" | no |
environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | string | null | no |
existing_security_groups | List of existing Security Group IDs to place the broker into. Set use_existing_security_groups to true to enable using existing_security_groups as Security Groups for the broker | list(string) | [] | no |
general_log_enabled | Enables general logging via CloudWatch | bool | true | no |
host_instance_type | The broker's instance type. e.g. mq.t2.micro or mq.m4.large | string | "mq.t3.micro" | no |
id_length_limit | Limit id to this many characters (minimum 6). Set to 0 for unlimited length. Set to null for default, which is 0. Does not affect id_full. | number | null | no |
import_profile_name | AWS Profile name to use when importing a resource | string | null | no |
kms_mq_key_arn | ARN of the AWS KMS key used for Amazon MQ encryption | string | null | no |
kms_ssm_key_arn | ARN of the AWS KMS key used for SSM encryption | string | "alias/aws/ssm" | no |
label_key_case | The letter case of label keys (tag names) (i.e. name, namespace, environment, stage, attributes) to use in tags. Possible values: lower, title, upper. Default value: title. | string | null | no |
label_order | The naming order of the id output and Name tag. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 5 elements, but at least one must be present. | list(string) | null | no |
label_value_case | The letter case of output label values (also used in tags and id). Possible values: lower, title, upper and none (no transformation). Default value: lower. | string | null | no |
maintenance_day_of_week | The maintenance day of the week. e.g. MONDAY, TUESDAY, or WEDNESDAY | string | "SUNDAY" | no |
maintenance_time_of_day | The maintenance time, in 24-hour format. e.g. 02:00 | string | "03:00" | no |
maintenance_time_zone | The maintenance time zone, in either the Country/City format, or the UTC offset format. e.g. CET | string | "UTC" | no |
mq_admin_password | Admin password | string | null | no |
mq_admin_user | Admin username | string | null | no |
mq_application_password | Application password | string | null | no |
mq_application_user | Application username | string | null | no |
name | Solution name, e.g. 'app' or 'jenkins' | string | null | no |
namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | null | no |
overwrite_ssm_parameter | Whether to overwrite an existing SSM parameter | bool | true | no |
publicly_accessible | Whether to enable connections from applications outside of the VPC that hosts the broker's subnets | bool | false | no |
regex_replace_chars | Regex to replace chars with empty string in namespace, environment, stage and name. If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits. | string | null | no |
region | AWS Region | string | n/a | yes |
ssm_parameter_name_format | SSM parameter name format | string | "/%s/%s" | no |
ssm_path | SSM path | string | "mq" | no |
stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | null | no |
tags | Additional tags (e.g. map('BusinessUnit','XYZ')) | map(string) | {} | no |
use_aws_owned_key | Boolean to enable an AWS owned Key Management Service (KMS) Customer Master Key (CMK) for Amazon MQ encryption that is not in your account | bool | true | no |
use_existing_security_groups | Flag to enable/disable creation of Security Group in the module. Set to true to disable Security Group creation and provide a list of existing security Group IDs in existing_security_groups to place the broker into | bool | false | no |
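The security-relevant inputs above can be reviewed before a stack is applied. The following is an added example, not part of the component or of Cloud Posse's code: it merges a stack's vars over the defaults from the Inputs table and reports settings that widen exposure or reduce visibility. The function name, severity labels and the second sample config are assumptions made for illustration.

```python
# Added example: review mq-broker component vars before applying a stack.
# DEFAULTS are copied from the Inputs table on this page.
DEFAULTS = {
    "publicly_accessible": False,
    "allowed_cidr_blocks": [],
    "encryption_enabled": True,
    "use_aws_owned_key": True,
    "general_log_enabled": True,
    "audit_log_enabled": True,
    "mq_admin_password": None,
    "mq_application_password": None,
}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def review_mq_broker_vars(stack_vars):
    """Return (severity, input_name, message) findings in check order."""
    v = {**DEFAULTS, **stack_vars}
    findings = []
    if v["publicly_accessible"]:
        findings.append(("high", "publicly_accessible",
                         "broker accepts connections from outside the VPC"))
    open_cidrs = sorted(OPEN_CIDRS & set(v["allowed_cidr_blocks"]))
    if open_cidrs:
        findings.append(("high", "allowed_cidr_blocks",
                         "security group ingress open to " + ", ".join(open_cidrs)))
    if not v["encryption_enabled"]:
        findings.append(("high", "encryption_enabled", "encryption at rest is off"))
    elif v["use_aws_owned_key"]:
        findings.append(("info", "use_aws_owned_key",
                         "encrypted with an AWS owned key that is not in your account"))
    for name in ("general_log_enabled", "audit_log_enabled"):
        if not v[name]:
            findings.append(("medium", name, "broker logging is disabled"))
    for name in ("mq_admin_password", "mq_application_password"):
        if v[name] is not None:
            findings.append(("medium", name, "credential set in plaintext in stack vars"))
    return findings

# The usage snippet from this page (security-relevant vars only).
PAGE_EXAMPLE = {"publicly_accessible": False, "general_log_enabled": True,
                "audit_log_enabled": True, "encryption_enabled": True,
                "use_aws_owned_key": True}
# Constructed sample of a risky stack; values are illustrative only.
RISKY_SAMPLE = {"publicly_accessible": True, "allowed_cidr_blocks": ["0.0.0.0/0"],
                "audit_log_enabled": False, "mq_admin_password": "example-only"}

if __name__ == "__main__":
    for label, cfg in (("page example", PAGE_EXAMPLE), ("risky sample", RISKY_SAMPLE)):
        for severity, name, message in review_mq_broker_vars(cfg):
            print(f"{label}: [{severity}] {name}: {message}")
```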
Outputs
Name | Description |
---|---|
broker_arn | AmazonMQ broker ARN |
broker_id | AmazonMQ broker ID |
primary_amqp_ssl_endpoint | AmazonMQ primary AMQP+SSL endpoint |
primary_console_url | AmazonMQ active web console URL |
primary_ip_address | AmazonMQ primary IP address |
primary_mqtt_ssl_endpoint | AmazonMQ primary MQTT+SSL endpoint |
primary_ssl_endpoint | AmazonMQ primary SSL endpoint |
primary_stomp_ssl_endpoint | AmazonMQ primary STOMP+SSL endpoint |
primary_wss_endpoint | AmazonMQ primary WSS endpoint |
secondary_amqp_ssl_endpoint | AmazonMQ secondary AMQP+SSL endpoint |
secondary_console_url | AmazonMQ secondary web console URL |
secondary_ip_address | AmazonMQ secondary IP address |
secondary_mqtt_ssl_endpoint | AmazonMQ secondary MQTT+SSL endpoint |
secondary_ssl_endpoint | AmazonMQ secondary SSL endpoint |
secondary_stomp_ssl_endpoint | AmazonMQ secondary STOMP+SSL endpoint |
secondary_wss_endpoint | AmazonMQ secondary WSS endpoint |
References
- cloudposse/terraform-aws-components - Cloud Posse's upstream component