How can I secure Amazon MQ RabbitMQ Broker for Public consumers?


This architecture provides restricted access to an Amazon MQ RabbitMQ broker that is used by public consumers.

To secure an Amazon MQ RabbitMQ broker for public consumers, create the broker with private access (a private broker) and put an internet-facing Network Load Balancer (NLB) in front of it. Create the NLB with a security group, which you can use to restrict traffic to only the IPs that you want to allow.

The associated architecture is shown below:

[Figure: Architecture to Secure Broker for Public consumers]

The high-level steps are:

  1. Create an Amazon MQ RabbitMQ broker with the access type set to Private access. This creates a broker that isn't publicly accessible and can be reached only from within a VPC.
  2. Once the broker is created, navigate to the broker's detail page and get the host endpoint.
  3. Use a terminal to retrieve the IP addresses for the endpoint with the host (Linux) or nslookup (Windows) command.
  4. Use the IP addresses to create a Network Load Balancer with a target group of the IP address type.
  5. Restrict access to the NLB by using the security group to allow-list traffic from only your desired IPs, and only on ports 443 and 5671.
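
To verify step 5 after the fact, the following added example (not code from the original article or from AWS) audits the NLB security group's ingress rules against the intended allow list. It assumes the input is one security group entry shaped like the JSON returned by `aws ec2 describe-security-groups`; the function name, sample group and addresses are constructed for illustration.

```python
import ipaddress

ALLOWED_PORTS = {443, 5671}  # the two ports named in step 5


def audit_nlb_security_group(sg, allowed_cidrs):
    """Return findings for ingress rules wider than the intended allow list."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for rule in sg.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        label = f"{proto} {lo}-{hi}"
        # Each rule must open exactly one of the allowed TCP ports.
        if proto != "tcp" or lo != hi or lo not in ALLOWED_PORTS:
            findings.append(f"{label}: opens more than tcp/443 or tcp/5671")
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(f"{label}: {cidr} admits any source address")
            elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"{label}: {cidr} is outside the allow list")
        # Sources given as other security groups or prefix lists need a human look.
        if rule.get("UserIdGroupPairs") or rule.get("PrefixListIds"):
            findings.append(f"{label}: non-CIDR source, review manually")
    return findings


# Constructed sample (documentation address ranges), not output from a real account.
SAMPLE_SG = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5671, "ToPort": 5671,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 15671, "ToPort": 15671,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_nlb_security_group(SAMPLE_SG, ["203.0.113.0/24"]):
        print(finding)
```

An empty result means every ingress rule is limited to the two ports and to sources inside the allow list.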

You can refer to this reference blog for detailed steps.

AWS
EXPERT
IshitaC
published 2 months ago, 831 views