AWS amazon-mq documentation change
Summary
Added LDAP configuration documentation and removed specific OAuth 2.0 configuration constraints
Security assessment
Introduces LDAP authentication documentation but removes OAuth 2.0 HTTPS/certificate validations without explicit security context. No vulnerability remediation stated.
Diff
diff --git a/amazon-mq/latest/developer-guide/rabbitmq-configuration-policies.md b/amazon-mq/latest/developer-guide/rabbitmq-configuration-policies.md index 247cd69aa..98a46ff90 100644 --- a//amazon-mq/latest/developer-guide/rabbitmq-configuration-policies.md +++ b//amazon-mq/latest/developer-guide/rabbitmq-configuration-policies.md @@ -5 +5 @@ -Configuring OAuth 2.0Configuring consumer delivery acknowledgementConfiguring heartbeatConfiguring operator policiesConfiguring relaxed checks on queue declarationConfiguring HTTP security headers +Configuring OAuth 2.0Configuring LDAPConfiguring consumer delivery acknowledgementConfiguring heartbeatConfiguring operator policiesConfiguring relaxed checks on queue declarationConfiguring HTTP security headers @@ -11 +11 @@ You can set the value of the following broker configuration options by modifying -In addition to the values described in the following table, Amazon MQ supports broker configuration options related to OAuth 2.0. For more information about these configuration options, see the following section, Configuring OAuth 2.0. +In addition to the values described in the following table, Amazon MQ supports broker configuration options related to OAuth 2.0 and LDAP authentication. For more information about these configuration options, see [OAuth 2.0 configuration](oauth-for-amq-for-rabbitmq.html#oauth-tutorial-supported-configs) and [LDAP configuration](ldap-for-amq-for-rabbitmq.html#ldap-supported-configs). @@ -23 +23 @@ secure.management.http.headers.enabled | `true` for brokers on 3.10 created on o -Amazon MQ for RabbitMQ supports all [configurable variables](https://www.rabbitmq.com/docs/oauth2#variables-configurable) in RabbitMQ OAuth 2.0 plugin, with the following exceptions: +For information about OAuth 2.0 configuration options and setting up OAuth 2.0 authentication for your brokers, see [Supported OAuth 2.0 configurations](./oauth-for-amq-for-rabbitmq.html#oauth-tutorial-supported-configs) and [Using OAuth 2.0 authentication and authorization](./oauth-tutorial.html). @@ -25 +25 @@ Amazon MQ for RabbitMQ supports all [configurable variables](https://www.rabbitm - * `auth_oauth2.https.cacertfile` +## Configuring LDAP authentication and authorization @@ -27,23 +27 @@ Amazon MQ for RabbitMQ supports all [configurable variables](https://www.rabbitm - * `auth_oauth2.oauth_providers.{id/index}.https.cacertfile` - - * `management.oauth_client_secret` - -Because Amazon MQ doesn't support this key, we don't support UAA as an IdP. - - * `management.oauth_resource_servers.{id/index}.oauth_client_secret` - - * `auth_oauth2.signing_keys.{id/index}` - - - - -Amazon MQ also enforces the following additional validations for OAuth 2.0 authentication: - - * All URLs need to start with `https://`. - - * Supported signature algorithms: `Ed25519`, `Ed25519ph`, `Ed448`, `Ed448ph`, `EdDSA`, `ES256K`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`, `PS256`, `PS384`, `PS512`, `RS256`, `RS384`, and `RS512`. - - - - -For information about setting up OAuth 2.0 authentication for your brokers, see [Using OAuth 2.0 authentication and authorization](./oauth-tutorial.html). +For information about LDAP configuration options and setting up LDAP authentication for your brokers, see [Supported LDAP configurations](./ldap-for-amq-for-rabbitmq.html#ldap-supported-configs) and [Using LDAP authentication and authorization](./rabbitmq-ldap-tutorial.html). @@ -111 +88 @@ Editing a configuration revision -OAuth 2.0 authentication and authorization +ARN support in RabbitMQ configuration