Check provider logo

MQ Broker Auto Minor Version Upgrades should be enabled.

mq_broker_auto_minor_version_upgrades

Severitylow
Servicemq
by Prowler

Ensure that automatic minor version upgrades are enabled on Amazon MQ brokers.

Risk

Amazon MQ brokers without automatic minor version upgrades may miss critical updates, leaving them vulnerable to security risks, bugs, and performance issues.

Run this check with Prowler CLI

prowler aws --checks mq_broker_auto_minor_version_upgrades

Run in Prowler Cloud

ARN template

arn:aws:mq:region:account-id:broker:broker-id

Remediation

CLI

aws mq update-broker --broker-id <broker-id> --auto-minor-version-upgrade

Native IAC

https://docs.prowler.com/checks/aws/general-policies/ensure-aws-mqbrokers-minor-version-updates-are-enabled/

Terraform

https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/MQ/auto-minor-version-upgrade.html

Other

https://docs.aws.amazon.com/securityhub/latest/userguide/mq-controls.html#mq-3

WUI

Ensure that automatic minor version upgrades are enabled on Amazon MQ brokers to receive the latest security patches and improvements automatically.

References:
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/upgrading-brokers.html#upgrading-brokers-automatic-upgrades.html

Source Code

References

Resource Type

AwsAmazonMQBroker

Related URL