AWS amazon-mq documentation change
Summary
Added section on SSL certificate authentication using mutual TLS (mTLS) for RabbitMQ brokers
Security assessment
Introduces documentation for certificate-based authentication which enhances security by eliminating credential transmission. No evidence of addressing a specific vulnerability.
Diff
diff --git a/amazon-mq/latest/developer-guide/amazon-mq-access.md b/amazon-mq/latest/developer-guide/amazon-mq-access.md index 89a7c8ee7..e3866cc8e 100644 --- a//amazon-mq/latest/developer-guide/amazon-mq-access.md +++ b//amazon-mq/latest/developer-guide/amazon-mq-access.md @@ -30,0 +31,4 @@ In this method, broker users and their permissions are managed by an external HT +### SSL certificate authentication + +Amazon MQ supports mutual TLS (mTLS) for RabbitMQ brokers. The SSL authentication plugin uses client certificates from mTLS connections to authenticate users. In this method, broker users are authenticated using X.509 client certificates instead of username and password credentials. The client's certificate is validated against a trusted Certificate Authority (CA), and the username is extracted from a field in the certificate, such as the Common Name (CN) or Subject Alternative Name (SAN). This method provides strong authentication without transmitting credentials over the network. For more information, see [SSL certificate authentication](./ssl-for-amq-for-rabbitmq.html). +