AWS Security ChangesHomeSearch

AWS amazon-mq documentation change

Service: amazon-mq · 2026-01-07 · Documentation low

File: amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md

Summary

Added a note explaining that default 'verify_peer' setting supports broker-to-broker connections but requires disabling peer verification for connections to private/on-premises brokers with non-Amazon MQ CA certificates.

Security assessment

The change documents SSL/TLS configuration requirements for secure connections to non-AWS brokers. While it discusses security implications of disabling peer verification, there's no evidence of a specific vulnerability being patched.

Diff

diff --git a/amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md b/amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md
index a1ad1f466..3fa4efd40 100644
--- a//amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md
+++ b//amazon-mq/latest/developer-guide/rabbitmq-amqp-client-ssl-configuration.md
@@ -16,0 +17,4 @@ On Amazon MQ for RabbitMQ 3 SSL properties of AMQP clients is configured with Ra
+###### Note
+
+With the default `verify_peer` setting, you can establish federation and shovel connections between any 2 Amazon MQ brokers but this does not support establishing the connection between Amazon MQ broker and private brokers or on-premises brokers that are running with non-Amazon MQ CA certificates. To connect with private or on-premises brokers, you need to disable peer verification on the downstream Amazon MQ broker.
+