AWS Security ChangesHomeSearch

AWS amazon-mq documentation change

Service: amazon-mq · 2026-01-10 · Documentation low

File: amazon-mq/latest/developer-guide/rabbitmq-authentication.md

Summary

Added SSL certificate authentication method to overview and documentation

Security assessment

Expands authentication options documentation. No reference to security incident resolution.

Diff

diff --git a/amazon-mq/latest/developer-guide/rabbitmq-authentication.md b/amazon-mq/latest/developer-guide/rabbitmq-authentication.md
index f55b21925..90a9b185e 100644
--- a//amazon-mq/latest/developer-guide/rabbitmq-authentication.md
+++ b//amazon-mq/latest/developer-guide/rabbitmq-authentication.md
@@ -5 +5 @@
-Simple authentication and authorizationOAuth 2.0 authentication and authorizationLDAP authentication and authorizationHTTP authentication and authorization
+Simple authentication and authorizationOAuth 2.0 authentication and authorizationLDAP authentication and authorizationHTTP authentication and authorizationSSL certificate authentication
@@ -26,0 +27,4 @@ In this method, broker users and their permissions are managed by an external HT
+## SSL certificate authentication
+
+Amazon MQ supports mutual TLS (mTLS) for RabbitMQ brokers. The SSL authentication plugin uses client certificates from mTLS connections to authenticate users. In this method, broker users are authenticated using X.509 client certificates instead of username and password credentials. The client's certificate is validated against a trusted Certificate Authority (CA), and the username is extracted from a field in the certificate, such as the Common Name (CN) or Subject Alternative Name (SAN). This method provides strong authentication without transmitting credentials over the network. For more information, see [SSL certificate authentication](./ssl-for-amq-for-rabbitmq.html).
+