Ensure AWS MQBroker audit logging is enabled

Error: AWS MQBroker audit logging is disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_184
Checkov Check ID: CKV_AWS_197
Severity: LOW

Description

Enable audit logging for AWS MQBroker so that configuration changes, whether made manually or programmatically, are recorded and unapproved changes can be traced back.

Fix - Runtime

Fix - Buildtime

Terraform

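# Illustrative variable name: supply the broker password from a secret
# store or a protected tfvars file instead of hardcoding it in source.
variable "mq_admin_password" {
  type      = string
  sensitive = true
}

resource "aws_mq_broker" "enabled" {
  broker_name        = "example"
  engine_type        = "ActiveMQ"
  engine_version     = "5.16.3"
  host_instance_type = "mq.t3.micro"

  user {
    password = var.mq_admin_password
    username = "admin"
  }

  # The check passes only when audit logging is explicitly enabled.
  logs {
    general = true
    audit   = true
  }
}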
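The same condition can be checked against a rendered plan before apply. The following is an added example, not Checkov's or Bridgecrew's own code: it walks the `planned_values` tree of `terraform show -json` output and lists every `aws_mq_broker` whose `logs` block does not enable `audit`. The sample plan is constructed, and accepting the string form `"true"` alongside a JSON boolean is a defensive assumption about how the provider may serialize the value.

```python
# Constructed sample: trimmed shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_mq_broker.enabled", "type": "aws_mq_broker",
             "values": {"logs": [{"general": True, "audit": True}]}},
            {"address": "aws_mq_broker.string_form", "type": "aws_mq_broker",
             "values": {"logs": [{"general": True, "audit": "true"}]}},
            {"address": "aws_mq_broker.general_only", "type": "aws_mq_broker",
             "values": {"logs": [{"general": True, "audit": False}]}},
            {"address": "aws_sqs_queue.other", "type": "aws_sqs_queue",
             "values": {}},
        ],
        "child_modules": [{"address": "module.mq", "resources": [
            {"address": "module.mq.aws_mq_broker.no_logs_block",
             "type": "aws_mq_broker", "values": {"logs": []}},
        ]}],
    }}
}


def _walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)


def _is_true(value):
    # Assumption: the value may be a JSON boolean or the string "true".
    return value is True or (isinstance(value, str) and value.lower() == "true")


def brokers_without_audit(plan):
    """Return sorted addresses of aws_mq_broker resources lacking audit logs."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in _walk(root):
        if res.get("type") != "aws_mq_broker":
            continue
        logs = (res.get("values") or {}).get("logs") or []
        # A missing logs block, audit = false and audit = null all fail.
        if not any(_is_true(block.get("audit")) for block in logs):
            failing.append(res["address"])
    return sorted(failing)


if __name__ == "__main__":
    for address in brokers_without_audit(SAMPLE_PLAN):
        print(f"FAIL: {address} has audit logging disabled")
```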