AWS amazon-mq documentation change
Summary
Added 'for private brokers' qualifier to security group configuration advice
Security assessment
Refines existing security best practices documentation by specifying context for private brokers. No evidence of addressing a specific vulnerability.
Diff
diff --git a/amazon-mq/latest/developer-guide/using-amazon-mq-securely.md b/amazon-mq/latest/developer-guide/using-amazon-mq-securely.md index ac7ad3af4..0df1515f1 100644 --- a//amazon-mq/latest/developer-guide/using-amazon-mq-securely.md +++ b//amazon-mq/latest/developer-guide/using-amazon-mq-securely.md @@ -38 +38 @@ If you specify an authorization map which doesn't include the `activemq-webconso -To improve security, you should restrict the connections of unnecessary protocols and ports by properly configuring your Amazon VPC Security Group. For instance, to restrict access to most protocols while allowing access to OpenWire and the web console, you could allow access to only 61617 and 8162. This limits your exposure by blocking protocols you are not using, while allowing OpenWire and the web console to function normally. +To improve security for private brokers, you should restrict the connections of unnecessary protocols and ports by properly configuring your Amazon VPC Security Group. For instance, to restrict access to most protocols while allowing access to OpenWire and the web console, you could allow access to only 61617 and 8162. This limits your exposure by blocking protocols you are not using, while allowing OpenWire and the web console to function normally.