mq-broker
This component is responsible for provisioning an AmazonMQ broker and corresponding security group.
Usage
Stack Level: Regional
Here's an example snippet for how to use this component.
components:
  terraform:
    mq-broker:
      vars:
        enabled: true
        apply_immediately: true
        auto_minor_version_upgrade: true
        deployment_mode: "ACTIVE_STANDBY_MULTI_AZ"
        engine_type: "ActiveMQ"
        engine_version: "5.15.14"
        host_instance_type: "mq.t3.micro"
        publicly_accessible: false
        general_log_enabled: true
        audit_log_enabled: true
        encryption_enabled: true
        use_aws_owned_key: true
Variables
Required Variables
Optional Variables
allowed_cidr_blocks (list(string)) optional
List of CIDR blocks that are allowed ingress to the broker's Security Group created in the module
Default value: [ ]
allowed_security_groups (list(string)) optional
List of security groups to be allowed to connect to the broker instance
Default value: [ ]
apply_immediately (bool) optional
Specifies whether any cluster modifications are applied immediately, or during the next maintenance window
Default value: false
audit_log_enabled (bool) optional
Enables audit logging. User management actions made using JMX or the ActiveMQ Web Console are logged
Default value: true
auto_minor_version_upgrade (bool) optional
Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions
Default value: false
deployment_mode (string) optional
The deployment mode of the broker. Supported: SINGLE_INSTANCE and ACTIVE_STANDBY_MULTI_AZ
Default value: "ACTIVE_STANDBY_MULTI_AZ"
encryption_enabled (bool) optional
Flag to enable/disable Amazon MQ encryption at rest
Default value: true
engine_type (string) optional
Type of broker engine, ActiveMQ or RabbitMQ
Default value: "ActiveMQ"
engine_version (string) optional
The version of the broker engine. See https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html for more details
Default value: "5.15.14"
existing_security_groups (list(string)) optional
List of existing Security Group IDs to place the broker into. Set use_existing_security_groups to true to enable using existing_security_groups as Security Groups for the broker
Default value: [ ]
general_log_enabled (bool) optional
Enables general logging via CloudWatch
Default value: true
host_instance_type (string) optional
The broker's instance type. e.g. mq.t2.micro or mq.m4.large
Default value: "mq.t3.micro"
kms_mq_key_arn (string) optional
ARN of the AWS KMS key used for Amazon MQ encryption
Default value: null
kms_ssm_key_arn (string) optional
ARN of the AWS KMS key used for SSM encryption
Default value: "alias/aws/ssm"
maintenance_day_of_week (string) optional
The maintenance day of the week. e.g. MONDAY, TUESDAY, or WEDNESDAY
Default value: "SUNDAY"
maintenance_time_of_day (string) optional
The maintenance time, in 24-hour format. e.g. 02:00
Default value: "03:00"
maintenance_time_zone (string) optional
The maintenance time zone, in either the Country/City format, or the UTC offset format. e.g. CET
Default value: "UTC"
mq_admin_password (string) optional
Admin password
Default value: null
mq_admin_password_ssm_parameter_name (string) optional
SSM parameter name for Admin password
Default value: "mq_admin_password"
mq_admin_user (string) optional
Admin username
Default value: null
mq_admin_user_ssm_parameter_name (string) optional
SSM parameter name for Admin username
Default value: "mq_admin_username"
mq_application_password (string) optional
Application password
Default value: null
mq_application_password_ssm_parameter_name (string) optional
SSM parameter name for Application password
Default value: "mq_application_password"
mq_application_user (string) optional
Application username
Default value: null
mq_application_user_ssm_parameter_name (string) optional
SSM parameter name for Application username
Default value: "mq_application_username"
overwrite_ssm_parameter (bool) optional
Whether to overwrite an existing SSM parameter
Default value: true
publicly_accessible (bool) optional
Whether to enable connections from applications outside of the VPC that hosts the broker's subnets
Default value: false
ssm_parameter_name_format (string) optional
SSM parameter name format
Default value: "/%s/%s"
ssm_path (string) optional
SSM path
Default value: "mq"
use_aws_owned_key (bool) optional
Boolean to enable an AWS owned Key Management Service (KMS) Customer Master Key (CMK) for Amazon MQ encryption that is not in your account
Default value: true
use_existing_security_groups (bool) optional
Flag to enable/disable creation of Security Group in the module. Set to true to disable Security Group creation and provide a list of existing security Group IDs in existing_security_groups to place the broker into
Default value: false
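A pre-merge check over the security-relevant variables documented above, given here as an added example that is not part of the component or the upstream module. The finding codes, the function names and the choice of which CIDR ranges count as internal are assumptions made for illustration; the defaults are the ones listed on this page.

```python
import ipaddress

# Defaults copied from the variable reference on this page.
DEFAULTS = {
    "publicly_accessible": False, "encryption_enabled": True,
    "use_aws_owned_key": True, "audit_log_enabled": True,
    "general_log_enabled": True, "auto_minor_version_upgrade": False,
    "allowed_cidr_blocks": [], "mq_admin_password": None,
    "mq_application_password": None,
}
# Assumption: only RFC 1918 and IPv6 unique-local ranges count as internal.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_internal(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in INTERNAL)

def audit_mq_vars(stack_vars):
    """Return sorted finding codes (hypothetical names) for one `vars` mapping."""
    v = {**DEFAULTS, **stack_vars}  # unset variables fall back to page defaults
    checks = {
        "PUBLIC_BROKER": v["publicly_accessible"],
        "NO_ENCRYPTION_AT_REST": not v["encryption_enabled"],
        # The AWS owned key is not in your account, so its policy is out of your hands.
        "AWS_OWNED_KEY": v["encryption_enabled"] and v["use_aws_owned_key"],
        "NO_AUDIT_LOG": not v["audit_log_enabled"],
        "NO_GENERAL_LOG": not v["general_log_enabled"],
        "NO_AUTO_MINOR_UPGRADE": not v["auto_minor_version_upgrade"],
        "EXTERNAL_CIDR_INGRESS": any(not is_internal(c) for c in v["allowed_cidr_blocks"]),
        # A literal password in stack YAML ends up in version control.
        "PASSWORD_IN_STACK_CONFIG": bool(v["mq_admin_password"] or v["mq_application_password"]),
    }
    return sorted(code for code, hit in checks.items() if hit)

# Constructed inputs: the usage snippet from this page, and a deliberately weak stack.
PAGE_EXAMPLE = {"auto_minor_version_upgrade": True, "publicly_accessible": False,
                "general_log_enabled": True, "audit_log_enabled": True,
                "encryption_enabled": True, "use_aws_owned_key": True}
WEAK_STACK = {"publicly_accessible": True, "audit_log_enabled": False,
              "use_aws_owned_key": False,
              "allowed_cidr_blocks": ["0.0.0.0/0", "10.20.0.0/16"],
              "mq_admin_password": "constructed-placeholder"}

if __name__ == "__main__":
    for name, stack in (("page example", PAGE_EXAMPLE), ("weak stack", WEAK_STACK)):
        print(name, "->", audit_mq_vars(stack))
```

An empty `vars` mapping still reports two findings, because the documented defaults leave `auto_minor_version_upgrade` off and `use_aws_owned_key` on.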
Context Variables
The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.
Outputs
admin_username
AmazonMQ admin username
application_username
AmazonMQ application username
broker_arn
AmazonMQ broker ARN
broker_id
AmazonMQ broker ID
primary_amqp_ssl_endpoint
AmazonMQ primary AMQP+SSL endpoint
primary_console_url
AmazonMQ active web console URL
primary_ip_address
AmazonMQ primary IP address
primary_mqtt_ssl_endpoint
AmazonMQ primary MQTT+SSL endpoint
primary_ssl_endpoint
AmazonMQ primary SSL endpoint
primary_stomp_ssl_endpoint
AmazonMQ primary STOMP+SSL endpoint
primary_wss_endpoint
AmazonMQ primary WSS endpoint
secondary_amqp_ssl_endpoint
AmazonMQ secondary AMQP+SSL endpoint
secondary_console_url
AmazonMQ secondary web console URL
secondary_ip_address
AmazonMQ secondary IP address
secondary_mqtt_ssl_endpoint
AmazonMQ secondary MQTT+SSL endpoint
secondary_ssl_endpoint
AmazonMQ secondary SSL endpoint
secondary_stomp_ssl_endpoint
AmazonMQ secondary STOMP+SSL endpoint
secondary_wss_endpoint
AmazonMQ secondary WSS endpoint
security_group_arn
The ARN of the created security group
security_group_id
AmazonMQ security group id
security_group_name
The name of the created security group
Dependencies
Requirements
terraform, version: >= 1.0.0
aws, version: >= 4.0
local, version: >= 2.4
template, version: >= 2.2
utils, version: >= 1.10.0
Modules
Name | Version | Source | Description |
---|---|---|---|
eks | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
iam_roles | latest | ../account-map/modules/iam-roles | n/a |
mq_broker | 3.5.0 | cloudposse/mq-broker/aws | n/a |
this | 0.25.0 | cloudposse/label/null | n/a |
vpc | 1.5.0 | cloudposse/stack-config/yaml//modules/remote-state | n/a |
References
- cloudposse/terraform-aws-components - Cloud Posse's upstream component