AWS Security ChangesHomeSearch

AWS amazon-mq documentation change

Service: amazon-mq · 2026-03-04 · Documentation low

File: amazon-mq/latest/developer-guide/security-broker-auth-ref.md

Summary

Added IAM authentication section with STS/JWT token details

Security assessment

Documents new security feature without evidence of patching a vulnerability

Diff

diff --git a/amazon-mq/latest/developer-guide/security-broker-auth-ref.md b/amazon-mq/latest/developer-guide/security-broker-auth-ref.md
index cef0d64f2..072a71a30 100644
--- a//amazon-mq/latest/developer-guide/security-broker-auth-ref.md
+++ b//amazon-mq/latest/developer-guide/security-broker-auth-ref.md
@@ -9 +9 @@ Authentication and authorization for Amazon MQ for ActiveMQAuthentication and au
-Amazon MQ provides different authentication and authorization methods depending on your broker engine type:
+Amazon MQ provides different authentication and authorization methods depending on your broker engine type.
@@ -34,0 +35,4 @@ In this method, broker users and their permissions are managed by an external OA
+### IAM authentication and authorization
+
+In this method, broker users authenticate using AWS IAM credentials through [IAM outbound federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html). IAM credentials are used to obtain JWT tokens from AWS Security Token Service (STS), and these JWT tokens serve as OAuth 2.0 tokens for authentication. This method leverages the existing OAuth 2.0 support in Amazon MQ for RabbitMQ, where AWS acts as the OAuth 2.0 identity provider. User authentication is handled by AWS IAM, while resource permissions for vhosts, exchanges, queues, and topics are managed through IAM policies and scope aliases configured in RabbitMQ. For more information, see [IAM authentication and authorization](./iam-for-amq-for-rabbitmq.html).
+