PlatformResourcesSign inSign Up

Ensure MQ Broker minor version updates are enabled

Error: AWS MQ Broker's minor version updates are disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_113
Checkov Check ID: CKV_AWS_207
Severity: LOW

Suggest Edits

AWS MQ Broker's minor version updates are disabled

Description

When Amazon MQ supports a new version of a broker engine, you can upgrade your broker instances to the new version. There are two kinds of upgrades: major version upgrades and minor version upgrades. Minor upgrades helps maintain a secure and stable MQ broker with minimal impact on the application. For this reason, we recommend that your automatic minor upgrade is enabled. Minor version upgrades only occur automatically if a minor upgrade replaces an unsafe version, such as a minor upgrade that contains bug fixes for a previous version.

Fix - Runtime

CLI Command

aws mq update-broker \
  --region ${region} \
  --broker-id ${resource_id} \
  --auto-minor-version-upgrade

Fix - Buildtime

CloudFormation

Resources: 
  Example:
    Type: "AWS::AmazonMQ::Broker"
    Properties:
      BrokerName: example
      EngineType: ActiveMQ
      EngineVersion: "5.15.9"
      HostInstanceType: mq.t3.micro
+     AutoMinorVersionUpgrade: true

Terraform

resource "aws_mq_broker" "example" {
  broker_name                = "example"
  engine_type                = "ActiveMQ"
  engine_version             = "5.15.9"
  host_instance_type         = "mq.t3.micro"
+ auto_minor_version_upgrade = true
}

Updated 6 months ago