AWS amazon-mq documentation change
Summary
Added section explaining SSL certificate authentication using mTLS and X.509 client certificates.
Security assessment
Documents a new authentication method (certificate-based) which improves security posture, but doesn't reference any patched vulnerability.
Diff
diff --git a/amazon-mq/latest/developer-guide/security-broker-auth-ref.md b/amazon-mq/latest/developer-guide/security-broker-auth-ref.md index df9e6fd59..cef0d64f2 100644 --- a//amazon-mq/latest/developer-guide/security-broker-auth-ref.md +++ b//amazon-mq/latest/developer-guide/security-broker-auth-ref.md @@ -42,0 +43,4 @@ In this method, broker users and their permissions are managed by an external HT +### SSL certificate authentication + +Amazon MQ supports mutual TLS (mTLS) for RabbitMQ brokers. The SSL authentication plugin uses client certificates from mTLS connections to authenticate users. In this method, broker users are authenticated using X.509 client certificates instead of username and password credentials. The client's certificate is validated against a trusted Certificate Authority (CA), and the username is extracted from a field in the certificate, such as the Common Name (CN) or Subject Alternative Name (SAN). This method provides strong authentication without transmitting credentials over the network. For more information, see [SSL certificate authentication](./ssl-for-amq-for-rabbitmq.html). +