README.md

terraform-aws-mq

Terraform module for provisioning an Amazon MQ broker

Usage

module "mq" {
  source  = "dare-global/mq/aws"
  version = "1.X.X"

  broker_name = "mq-broker"
  subnet_ids = ["subnet-id-12345"]
}

Examples

• ActiveMQ
• RabbitMQ

Requirements

Name	Version
terraform	>= 1.3.0
aws	>= 5.0.0

Providers

Name	Version
aws	>= 5.0.0

Modules

No modules.

Resources

Name	Type
aws_lb.main	resource
aws_lb_listener.main	resource
aws_lb_target_group.main	resource
aws_lb_target_group_attachment.main	resource
aws_mq_broker.main	resource
aws_mq_configuration.main	resource
aws_security_group.main	resource
aws_security_group_rule.cidr_blocks_15671	resource
aws_security_group_rule.cidr_blocks_443	resource
aws_security_group_rule.cidr_blocks_5671	resource
aws_security_group_rule.cidr_blocks_61614	resource
aws_security_group_rule.cidr_blocks_61617	resource
aws_security_group_rule.cidr_blocks_61619	resource
aws_security_group_rule.cidr_blocks_8162	resource
aws_security_group_rule.cidr_blocks_8883	resource
aws_security_group_rule.main	resource
aws_security_group_rule.prefix_lists_15671	resource
aws_security_group_rule.prefix_lists_443	resource
aws_security_group_rule.prefix_lists_5671	resource
aws_security_group_rule.prefix_lists_61614	resource
aws_security_group_rule.prefix_lists_61617	resource
aws_security_group_rule.prefix_lists_61619	resource
aws_security_group_rule.prefix_lists_8162	resource
aws_security_group_rule.prefix_lists_8883	resource
aws_subnet.main	data source

Inputs

Name	Description	Type	Default	Required
apply_immediately	Specifies whether any cluster modifications are applied immediately, or during the next maintenance window	bool	false	no
audit_log_enabled	Enables audit logging. User management action made using JMX or the ActiveMQ Web Console is logged	bool	true	no
authentication_strategy	Authentication strategy used to secure the broker. Valid values are simple and ldap. ldap is not supported for engine_type RabbitMQ.	string	null	no
auto_minor_version_upgrade	Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions	bool	false	no
broker_name	Name of the broker	string	n/a	yes
cidr_blocks_15671	Cidr blocks for the Amazon MQ for RabbitMQ Console security group ingress rule	list(string)	[]	no
cidr_blocks_443	Cidr blocks for the Amazon MQ for RabbitMQ Console security group ingress rule	list(string)	[]	no
cidr_blocks_5671	Cidr block for connections made via SSL AMQP security group ingress rule	list(string)	[]	no
cidr_blocks_61614	Cidr blocks for the Amazon MQ Stomp SSL security group ingress rule	list(string)	[]	no
cidr_blocks_61617	Cidr blocks for the Amazon MQ SSL security group ingress rule	list(string)	[]	no
cidr_blocks_61619	Cidr block for the websocket security group ingress rule	list(string)	[]	no
cidr_blocks_8162	Cidr blocks for the ActiveMQ Console security group ingress rule	list(string)	[]	no
cidr_blocks_8883	Cidr block for the MQTT security group ingress rule	list(string)	[]	no
configuration_data	Broker configuration in XML format	string	null	no
configuration_enabled	Enable configuration block for broker configuration. Applies to engine_type of ActiveMQ only	bool	true	no
create_security_group	Flag to create Security Group for the broker	bool	false	no
deployment_mode	The deployment mode of the broker. Supported: SINGLE_INSTANCE and ACTIVE_STANDBY_MULTI_AZ	string	"ACTIVE_STANDBY_MULTI_AZ"	no
enable_cross_zone_load_balancing	Flag to enable/disable cross zone load balancing of the NLB	bool	true	no
enable_deletion_protection	Flag to enable/disable deletion of NLB via AWS API and Terraform	bool	true	no
encryption_enabled	Flag to enable/disable Amazon MQ encryption at rest	bool	true	no
engine_type	Type of broker engine, ActiveMQ or RabbitMQ	string	"ActiveMQ"	no
engine_version	The version of the broker engine. See https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html for more details	string	"5.17.1"	no
general_log_enabled	Enables general logging via CloudWatch	bool	true	no
host_instance_type	The broker's instance type. e.g. mq.t2.micro or mq.m4.large	string	"mq.t3.micro"	no
kms_mq_key_arn	ARN of the AWS KMS key used for Amazon MQ encryption	string	null	no
maintenance_day_of_week	The maintenance day of the week. e.g. MONDAY, TUESDAY, or WEDNESDAY	string	"SUNDAY"	no
maintenance_time_of_day	The maintenance time, in 24-hour format. e.g. 02:00	string	"03:00"	no
maintenance_time_zone	The maintenance time zone, in either the Country/City format, or the UTC offset format. e.g. CET	string	"UTC"	no
mq_additional_users	Additional MQ users	list(object({ username = string password = string groups = optional(list(string), []) console_access = optional(bool, false) }))	[]	no
nlb_certificate_arn	Ceritificate ARN of NLB	string	null	no
nlb_enabled	Flag to attach Network Load Balancer to Active MQ	bool	false	no
nlb_internal	Scheme type of the NLB, valid value is true or false where true is for internal and false for internet facing	bool	true	no
nlb_name	Name of the NLB	string	null	no
nlb_tags	A mapping of additional tags to be attached to the NLB	map(string)	{}	no
nlb_tg_port	Target Group Port for NLB	number	8883	no
nlb_tg_protocol	Target Group Protocol for NLB	string	"TCP"	no
password	Username for the admin user	string	"adminpass123"	no
prefix_lists_15671	Prefix list ids for the Amazon MQ for RabbitMQ Console security group ingress rule	list(string)	[]	no
prefix_lists_443	Prefix list ids for the Amazon MQ for RabbitMQ Console security group ingress rule	list(string)	[]	no
prefix_lists_5671	Prefix list ids for connections made via SSL AMQP URL security group ingress rule	list(string)	[]	no
prefix_lists_61614	Prefix list ids for the Amazon MQ Stomp SSL security group ingress rule	list(string)	[]	no
prefix_lists_61617	Prefix list ids for the Amazon MQ SSL security group ingress rule	list(string)	[]	no
prefix_lists_61619	Prefix list ids for the websocket security group ingress rule	list(string)	[]	no
prefix_lists_8162	Prefix list ids for the ActiveMQ Console security group ingress rule	list(string)	[]	no
prefix_lists_8883	Prefix list ids for the MQTT security group ingress rule	list(string)	[]	no
publicly_accessible	Whether to enable connections from applications outside of the VPC that hosts the broker's subnets	bool	false	no
revoke_rules_on_delete	Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself.	string	true	no
security_group_description	Description of the Security Group	string	"Security Group for the AWS MQ"	no
security_group_name	Name of the Security Group	string	""	no
security_group_tags	A mapping of additional tags to be attached to the Security Group	map(string)	{}	no
security_groups	List of security group IDs assigned to the broker	list(string)	[]	no
storage_type	Storage type of the broker. For engine_type ActiveMQ, the valid values are efs and ebs, and the AWS-default is efs. For engine_type RabbitMQ, only ebs is supported. When using ebs, only the mq.m5 broker instance type family is supported.	string	null	no
subnet_ids	List of VPC subnet IDs	list(string)	[]	no
tags	A mapping of tags to assign to all resources	map(string)	{}	no
use_aws_owned_key	Boolean to enable an AWS owned Key Management Service (KMS) Customer Master Key (CMK) for Amazon MQ encryption that is not in your account	bool	null	no
username	Username for the admin user	string	"admin"	no

Outputs

Name	Description
broker_arn	AmazonMQ broker ARN.
broker_id	AmazonMQ broker ID.
broker_instances	AmazonMQ broker instances details.
nlb_dns_name	NLB DNS Name.
nlb_zone_id	NLB Zone Id.

License

See LICENSE file for full details.

Maintainers

• Marcin Cuber

Pre-commit hooks

Install dependencies

• pre-commit
• terraform-docs required for terraform_docs hooks.
• TFLint required for terraform_tflint hook.

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog