MQ

The following arguments are required:

• broker_name - (Required) Name of the broker.
• engine_type - (Required) Type of broker engine. Valid values are ActiveMQ and RabbitMQ.
• engine_version - (Required) Version of the broker engine. See the AmazonMQ Broker Engine docs for supported versions. For example, 5.15.0.
• host_instance_type - (Required) Broker's instance type. For example, mq.t3.micro, mq.m5.large.
• user - (Required) Configuration block for broker users. For engine_type of RabbitMQ, Amazon MQ does not return broker users preventing this resource from making user updates and drift detection. Detailed below.

The following arguments are optional:

• apply_immediately - (Optional) Specifies whether any broker modifications are applied immediately, or during the next maintenance window. Default is false.
• authentication_strategy - (Optional) Authentication strategy used to secure the broker. Valid values are simple and ldap. ldap is not supported for engine_type RabbitMQ.
• auto_minor_version_upgrade - (Optional) Whether to automatically upgrade to new minor versions of brokers as Amazon MQ makes releases available.
• configuration - (Optional) Configuration block for broker configuration. Applies to engine_type of ActiveMQ only. Detailed below.
• deployment_mode - (Optional) Deployment mode of the broker. Valid values are SINGLE_INSTANCE, ACTIVE_STANDBY_MULTI_AZ, and CLUSTER_MULTI_AZ. Default is SINGLE_INSTANCE.
• encryption_options - (Optional) Configuration block containing encryption options. Detailed below.
• ldap_server_metadata - (Optional) Configuration block for the LDAP server used to authenticate and authorize connections to the broker. Not supported for engine_type RabbitMQ. Detailed below. (Currently, AWS may not process changes to LDAP server metadata.)
• logs - (Optional) Configuration block for the logging configuration of the broker. Detailed below.
• maintenance_window_start_time - (Optional) Configuration block for the maintenance window start time. Detailed below.
• publicly_accessible - (Optional) Whether to enable connections from applications outside of the VPC that hosts the broker's subnets.
• security_groups - (Optional) List of security group IDs assigned to the broker.
• storage_type - (Optional) Storage type of the broker. For engine_type ActiveMQ, the valid values are efs and ebs, and the AWS-default is efs. For engine_type RabbitMQ, only ebs is supported. When using ebs, only the mq.m5 broker instance type family is supported.
• subnet_ids - (Optional) List of subnet IDs in which to launch the broker. A SINGLE_INSTANCE deployment requires one subnet. An ACTIVE_STANDBY_MULTI_AZ deployment requires multiple subnets.
• tags - (Optional) Map of tags to assign to the broker. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

configuration

The following arguments are optional:

• id - (Optional) The Configuration ID.
• revision - (Optional) Revision of the Configuration.

encryption_options

The following arguments are optional:

• kms_key_id - (Optional) Amazon Resource Name (ARN) of Key Management Service (KMS) Customer Master Key (CMK) to use for encryption at rest. Requires setting use_aws_owned_key to false. To perform drift detection when AWS-managed CMKs or customer-managed CMKs are in use, this value must be configured.
• use_aws_owned_key - (Optional) Whether to enable an AWS-owned KMS CMK that is not in your account. Defaults to true. Setting to false without configuring kms_key_id will create an AWS-managed CMK aliased to aws/mq in your account.

ldap_server_metadata

The following arguments are optional:

• hosts - (Optional) List of a fully qualified domain name of the LDAP server and an optional failover server.
• role_base - (Optional) Fully qualified name of the directory to search for a user’s groups.
• role_name - (Optional) Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.
• role_search_matching - (Optional) Search criteria for groups.
• role_search_subtree - (Optional) Whether the directory search scope is the entire sub-tree.
• service_account_password - (Optional) Service account password.
• service_account_username - (Optional) Service account username.
• user_base - (Optional) Fully qualified name of the directory where you want to search for users.
• user_role_name - (Optional) Specifies the name of the LDAP attribute for the user group membership.
• user_search_matching - (Optional) Search criteria for users.
• user_search_subtree - (Optional) Whether the directory search scope is the entire sub-tree.

logs

The following arguments are optional:

• audit - (Optional) Enables audit logging. Auditing is only possible for engine_type of ActiveMQ. User management action made using JMX or the ActiveMQ Web Console is logged. Defaults to false.
• general - (Optional) Enables general logging via CloudWatch. Defaults to false.

maintenance_window_start_time

The following arguments are required:

• day_of_week - (Required) Day of the week, e.g., MONDAY, TUESDAY, or WEDNESDAY.
• time_of_day - (Required) Time, in 24-hour format, e.g., 02:00.
• time_zone - (Required) Time zone in either the Country/City format or the UTC offset format, e.g., CET.

user

• console_access - (Optional) Whether to enable access to the ActiveMQ Web Console for the user. Applies to engine_type of ActiveMQ only.
• groups - (Optional) List of groups (20 maximum) to which the ActiveMQ user belongs. Applies to engine_type of ActiveMQ only.
• password - (Required) Password of the user. It must be 12 to 250 characters long, at least 4 unique characters, and must not contain commas.
• username - (Required) Username of the user.

‍