AWS Security ChangesHomeSearch

AWS amazon-mq medium security documentation change

Service: amazon-mq · 2025-11-19 · Security-related medium

File: amazon-mq/latest/developer-guide/oauth-for-amq-for-rabbitmq.md

Summary

Refactored authentication documentation, added LDAP reference, and removed simple auth details

Security assessment

Emphasizes OAuth 2.0/LDAP over simple authentication, promoting stronger security practices. LDAP integration reduces reliance on internal user stores.

Diff

diff --git a/amazon-mq/latest/developer-guide/oauth-for-amq-for-rabbitmq.md b/amazon-mq/latest/developer-guide/oauth-for-amq-for-rabbitmq.md
index d0b917c57..dd4d107f6 100644
--- a//amazon-mq/latest/developer-guide/oauth-for-amq-for-rabbitmq.md
+++ b//amazon-mq/latest/developer-guide/oauth-for-amq-for-rabbitmq.md
@@ -9 +9 @@ Supported OAuth 2.0 configurationsAdditional validations for OAuth 2.0 authentic
-Amazon MQ for RabbitMQ supports the following authentication and authorization methods:
+Amazon MQ for RabbitMQ supports multiple authentication and authorization methods. For information about all supported methods, see [Authentication and authorization for Amazon MQ for RabbitMQ brokers](./amazon-mq-access.html#rabbitmq-authentication).
@@ -11,7 +11 @@ Amazon MQ for RabbitMQ supports the following authentication and authorization m
-###### Simple authentication and authorization
-
-In this method, broker users are stored internally in the RabbitMQ broker and managed through the web console or management API. Permissions for vhosts, exchanges, queues, and topics are configured directly in RabbitMQ. This is the default method. For more information about this method, see [Broker users](./rabbitmq-basic-elements-user.html).
-
-###### OAuth 2.0 authentication and authorization
-
-In this method, broker users and their permissions are managed by an external OAuth 2.0 identity provider (IdP). User authentication and resource permissions for vhosts, exchanges, queues, and topics are centralized through the OAuth 2.0 provider's scope system. This simplifies user management and enables integration with existing identity systems.
+In OAuth 2.0 authentication and authorization, broker users and their permissions are managed by an external OAuth 2.0 identity provider (IdP). User authentication and resource permissions for vhosts, exchanges, queues, and topics are centralized through the OAuth 2.0 provider's scope system. This simplifies user management and enables integration with existing identity systems.
@@ -34 +28 @@ In this method, broker users and their permissions are managed by an external OA
-For information about how to configure OAuth 2.0 authentication for your Amazon MQ for RabbitMQ brokers, see [Using OAuth 2.0 authentication and authorization](./oauth-tutorial.html).
+For information about how to configure OAuth 2.0 for your Amazon MQ for RabbitMQ brokers, see [Using OAuth 2.0 authentication and authorization](./oauth-tutorial.html).
@@ -81 +75 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Configuration values
+Broker users
@@ -83 +77 @@ Configuration values
-Quorum queues
+LDAP authentication and authorization