Table: aws_mq_broker - Query AWS MQ Brokers using SQL
Amazon MQ is a managed message broker service provided by AWS (Amazon Web Services). It supports popular messaging protocols such as MQTT, AMQP, and STOMP, making it compatible with a variety of applications. Amazon MQ simplifies the setup, deployment, and maintenance of message brokers, allowing you to focus on developing your applications.
Table Usage Guide
The `aws_mq_broker` table in Steampipe provides you with information about MQ brokers within AWS. This table allows you, as a DevOps engineer, to query broker-specific details, including the broker ARN, creation time, and associated metadata. You can use this table to gather insights on brokers, such as the number of broker nodes, the version and type of the engine used, the state of the broker, and more. The schema outlines the various attributes of the MQ broker for you, including the encryption info, authentication strategy, and associated tags.
Examples
Basic Info
Explore the status and details of your AWS MQ brokers to understand their configuration and operational state.
```sql
select
  arn,
  broker_name,
  broker_state,
  deployment_mode,
  created,
  host_instance_type,
  engine_type,
  engine_version,
  tags
from
  aws_mq_broker;
```
List brokers that are in rebooting state
Identify brokers in the AWS MQ service that are currently rebooting. This can be useful for system administrators who need to manage resources.
```sql
select
  arn,
  broker_name,
  broker_state,
  created,
  data_replication_mode,
  authentication_strategy
from
  aws_mq_broker
where
  broker_state = 'REBOOT_IN_PROGRESS';
```
List brokers that allow public access
Identify the brokers that allow public access. This is useful for identifying potential security risks and ensuring that access to sensitive data is appropriately restricted.
```sql
select
  arn,
  broker_name,
  broker_state,
  created
from
  aws_mq_broker
where
  publicly_accessible;
```
List brokers that are encrypted with a customer managed key
Identify the brokers whose data is secured through encryption using keys managed by the customer.
```sql
-- PostgreSQL
select
  arn,
  broker_name,
  encryption_options ->> 'UseAwsOwnedKey' as use_aws_owned_key,
  created
from
  aws_mq_broker
where
  encryption_options ->> 'UseAwsOwnedKey' = 'false';
```

```sql
-- SQLite
select
  arn,
  broker_name,
  json_extract(encryption_options, '$.UseAwsOwnedKey') as use_aws_owned_key,
  created
from
  aws_mq_broker
where
  -- json_extract returns a JSON false as integer 0, not the text 'false'
  json_extract(encryption_options, '$.UseAwsOwnedKey') = 0;
```
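The public-access and customer-managed-key checks above can be combined into a single review query. The following is an added example, not part of the original Steampipe documentation, written in PostgreSQL syntax; it uses only columns from this table's schema, and the three review criteria and the `findings` column name are assumptions about what a reviewer wants flagged.

```sql
-- Added example (PostgreSQL): one row per broker that trips at least one
-- review criterion. The criteria are assumptions, not AWS or Steampipe policy.
with review as (
  select
    arn,
    broker_name,
    region,
    engine_type,
    engine_version,
    publicly_accessible as is_public,
    -- Same key the page filters on; a missing key is treated as
    -- "no customer managed key" (assumption).
    encryption_options ->> 'UseAwsOwnedKey' is distinct from 'false' as no_customer_key,
    not coalesce(auto_minor_version_upgrade, false) as no_auto_upgrade
  from
    aws_mq_broker
)
select
  arn,
  broker_name,
  region,
  engine_type,
  engine_version,
  -- Collect the criteria that matched; non-matching cases yield null and are dropped.
  array_remove(
    array[
      case when is_public then 'publicly accessible' end,
      case when no_customer_key then 'not encrypted with a customer managed key' end,
      case when no_auto_upgrade then 'automatic minor version upgrades disabled' end
    ],
    null
  ) as findings
from
  review
where
  is_public
  or no_customer_key
  or no_auto_upgrade
order by
  is_public desc,
  broker_name;
```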
Get maintenance window details of brokers
During the Maintenance Window, the broker instances might be briefly unavailable or experience reduced capacity as updates are applied. This scheduled approach helps minimize the impact on your applications and users, as these activities are carried out during a designated time frame, allowing for predictability and coordination.
```sql
-- PostgreSQL
select
  arn,
  broker_name,
  maintenance_window_start_time -> 'DayOfWeek' as day_of_week,
  maintenance_window_start_time -> 'TimeOfDay' as time_of_day,
  maintenance_window_start_time -> 'TimeZone' as time_zone
from
  aws_mq_broker;
```

```sql
-- SQLite
select
  arn,
  broker_name,
  json_extract(maintenance_window_start_time, '$.DayOfWeek') as day_of_week,
  json_extract(maintenance_window_start_time, '$.TimeOfDay') as time_of_day,
  json_extract(maintenance_window_start_time, '$.TimeZone') as time_zone
from
  aws_mq_broker;
```
Schema for aws_mq_broker
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
actions_required | jsonb | | Actions required for a broker. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) of the broker. |
authentication_strategy | text | | The authentication strategy used to secure the broker. The default is SIMPLE. |
auto_minor_version_upgrade | boolean | | Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ. |
broker_id | text | = | The unique ID that Amazon MQ generates for the broker. |
broker_instances | jsonb | | A list of information about allocated brokers. |
broker_name | text | | The broker's name. |
broker_state | text | | The broker's status. |
configurations | jsonb | | The list of all revisions for the specified configuration. |
created | timestamp with time zone | | The time when the broker was created. |
data_replication_metadata | jsonb | | The replication details of the data replication-enabled broker. Only returned if dataReplicationMode is set to CRDR. |
data_replication_mode | text | | Describes whether this broker is a part of a data replication pair. |
deployment_mode | text | | The broker's deployment mode. |
encryption_options | jsonb | | Encryption options for the broker. |
engine_type | text | | The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ. |
engine_version | text | | The broker engine's version. |
host_instance_type | text | | The broker's instance type. |
ldap_server_metadata | jsonb | | The metadata of the LDAP server used to authenticate and authorize connections to the broker. |
logs | jsonb | | The list of information about logs currently enabled and pending to be deployed for the specified broker. |
maintenance_window_start_time | jsonb | | The parameters that determine the WeeklyStartTime. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
pending_authentication_strategy | text | | The authentication strategy that will be applied when the broker is rebooted. The default is SIMPLE. |
pending_data_replication_metadata | jsonb | | The pending replication details of the data replication-enabled broker. Only returned if pendingDataReplicationMode is set to CRDR. |
pending_data_replication_mode | text | | Describes whether this broker will be a part of a data replication pair after reboot. |
pending_engine_version | text | | The broker engine version to upgrade to. |
pending_host_instance_type | text | | The broker's host instance type to upgrade to. |
pending_ldap_server_metadata | jsonb | | The metadata of the LDAP server that will be used to authenticate and authorize connections to the broker after it is rebooted. |
pending_security_groups | jsonb | | The list of pending security groups to authorize connections to brokers. |
publicly_accessible | boolean | | Enables connections from applications outside of the VPC that hosts the broker's subnets. |
region | text | | The AWS Region in which the resource is located. |
security_groups | jsonb | | The list of rules (1 minimum, 125 maximum) that authorize connections to brokers. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
storage_type | text | | The broker's storage type. |
subnet_ids | jsonb | | The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. |
tags | jsonb | | A list of tags attached to the broker. |
title | text | | Title of the resource. |
users | jsonb | | The list of all broker usernames for the specified broker. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```
You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_aws --config '<your_config>' aws_mq_broker
```