AWS Security ChangesHomeSearch

AWS amazon-mq documentation change

Service: amazon-mq · 2026-03-04 · Documentation medium

File: amazon-mq/latest/developer-guide/amazon-mq-access.md

Summary

Added section on IAM authentication using JWT tokens via STS

Security assessment

Documents a new authentication/authorization method using IAM credentials and OAuth 2.0 tokens, which is a security feature enhancement but not a response to a specific vulnerability.

Diff

diff --git a/amazon-mq/latest/developer-guide/amazon-mq-access.md b/amazon-mq/latest/developer-guide/amazon-mq-access.md
index e3866cc8e..83528c1e7 100644
--- a//amazon-mq/latest/developer-guide/amazon-mq-access.md
+++ b//amazon-mq/latest/developer-guide/amazon-mq-access.md
@@ -22,0 +23,4 @@ In this method, broker users and their permissions are managed by an external OA
+### IAM authentication and authorization
+
+In this method, broker users authenticate using AWS IAM credentials through [IAM outbound federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html). IAM credentials are used to obtain JWT tokens from AWS Security Token Service (STS), and these JWT tokens serve as OAuth 2.0 tokens for authentication. This method leverages the existing OAuth 2.0 support in Amazon MQ for RabbitMQ, where AWS acts as the OAuth 2.0 identity provider. User authentication is handled by AWS IAM, while resource permissions for vhosts, exchanges, queues, and topics are managed through IAM policies and scope aliases configured in RabbitMQ. For more information, see [IAM authentication and authorization](./iam-for-amq-for-rabbitmq.html).
+