By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

RabbitMQ web Console Access(Amazon MQ broker managed) using SSM

0

Hi All, We have rabbitmq service running in private subnet managed by Amazon MQ

how can we access web console of Rabbitmq using SSM

we tried following but we are not able to access website doen't load

Note: we provided proper security group "as i already tested with bastion host in public and ssh dynamic port forwarding its working"... but not using SSM

aws ssm start-session
--target "<JumpHostId>"
--document-name AWS-StartPortForwardingSessionToRemoteHost
--parameters host="<hostid>.mq.us-east-1.amazonaws.com",portNumber=15672,localPortNumber="4545"
--region="us-east-1"

so is this possible to access using SSM?

https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/accessing-web-console-of-broker-without-public-accessibility.html

only document using ssh to bastion host

how can we do it using SSM?

Topics
Security, Identity, & ComplianceManagement & GovernanceApplication Integration
Tags
AWS Identity and Access ManagementAWS Systems ManagerAmazon MQSession Management
Language
English
Nisarg
asked a month ago167 views
1 Answer
1
Accepted Answer

Hello.

The web console connects via HTTPS, so I think the port number is 443.
If you have successfully configured the settings using the steps in the document below, you should have allowed HTTPS in your security group.
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/accessing-web-console-of-broker-without-public-accessibility.html

private-sg must allow inbound connections from public-sg. We recommend restricting this security group to port 8162 for ActiveMQ, and port 443 for RabbitMQ.

In other words, you need to set the option to "portNumber=443".

aws ssm start-session
--target "EC2 Instance ID"
--document-name AWS-StartPortForwardingSessionToRemoteHost
--parameters host="<hostid>.mq.us-east-1.amazonaws.com",portNumber=443,localPortNumber="4545"
--region="us-east-1"

After executing the command, access "https://localhost:4545" in your browser to open the Rabbitmq console.
a

profile picture
EXPERT
Riku_Kobayashi
answered a month ago
  • Nisarg
    a month ago

    are you able to access it ?i tried but still getting

    This page isn’t working localhost sent an invalid response. ERR_INVALID_HTTP_RESPONSE

    What i have tried so far

    1. Created Bastion Host in public subnet --> applied proper security group: "Able to access Rabbitmq console - using ssh -D : SOCK S proxy"
    2. Tried SSM to EC2 instance in private subnet --> applied security group: "Not able to Access RabbitMQ console"
    3. Created Bastion host in public subnet --> installed SSM agent --> applied Proper Security Group: "Not able to access Rabbtimq"
  • Riku_Kobayashi EXPERT
    a month ago

    I tried it with my AWS account and I can access it. I tried the following configuration.

    Created Bastion host in public subnet --> installed SSM agent --> applied Proper Security Group: "Not able to access Rabbtimq"

    By the way, does the following command succeed?

    aws ssm start-session
--target "EC2 Instance ID"
--document-name AWS-StartPortForwardingSessionToRemoteHost
--parameters host="<hostid>.mq.us-east-1.amazonaws.com",portNumber=443,localPortNumber="4545"
--region="us-east-1"

    Also, could you please share the detailed rules of the security group set for Amazon MQ? Do you allow HTTPS connections from the stepping stone EC2 in the security group set for Amazon MQ?

  • Nisarg
    a month ago

    Its working: i made mistake of not using https://localhost:4545 i was trying http://localhost:4545

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content