Skip to content

Module Banner

terraform-aws-arc-mq-broker

Module: sourcefuse/arc-mq-broker/aws

Registry: https://registry.terraform.io/modules/sourcefuse/arc-mq-broker/aws

Category: Messaging / Message Broker

Source: https://github.com/sourcefuse/terraform-aws-arc-mq-broker

Latest Release Last Updated Terraform GitHub Actions

Quality gate

Overview

Creates Amazon MQ brokers (ActiveMQ or RabbitMQ) with VPC, security groups, users, and CloudWatch logging.

Architecture

Architecture Diagram

What It Does

  • ActiveMQ and RabbitMQ broker support
  • Single-instance and active/standby deployment modes
  • VPC and security group configuration
  • User management with password storage in Secrets Manager
  • CloudWatch logging for broker and audit logs
  • Maintenance window configuration

Quickstart

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
################################################################################
## RabbitMQ
################################################################################
module "mq_broker" {
  source              = "sourcefuse/arc-mq-broker/aws"
  version             = "0.0.1"
  name                = var.name
  broker_type         = var.broker_type
  engine_version      = var.engine_version
  host_instance_type  = var.host_instance_type
  vpc_id              = data.aws_vpc.default.id
  subnet_ids          = data.aws_subnets.private.ids
  deployment_mode     = var.deployment_mode
  users               = var.users
  enable_logging      = var.enable_logging
  security_group_data = local.security_group_data
  tags                = module.tags.tags

}

################################################################################
## Apache ActiveMQ
################################################################################
module "mq_broker" {
  source              = "sourcefuse/arc-mq-broker/aws"
  version             = "0.0.1"
  name                = var.name
  broker_type         = var.broker_type
  engine_version      = var.engine_version
  host_instance_type  = var.host_instance_type
  vpc_id              = data.aws_vpc.default.id
  subnet_ids          = data.aws_subnets.private.ids
  storage_type        = var.storage_type
  deployment_mode     = var.deployment_mode
  users_replica       = var.users_replica
  users               = var.users
  enable_logging      = var.enable_logging
  security_group_data = local.security_group_data
  tags                = module.tags.tags

}

Required Inputs

Name Type Description
name string Broker name
broker_type string ActiveMQ or RabbitMQ
host_instance_type string Broker instance type
vpc_id string VPC ID
subnet_ids list(string) Subnet IDs
## Key Outputs
Name Description
broker_id MQ broker ID
broker_arn MQ broker ARN
broker_endpoints List of broker endpoints
## Full Variable & Output Reference

The complete inputs/outputs reference is auto-generated below.

Requirements

Name Version
terraform >= 1.5.0
aws ~> 5.0
random >= 3.0

Providers

Name Version
aws 5.80.0
random 3.6.3

Modules

Name Source Version
arc_security_group sourcefuse/arc-security-group/aws 0.0.1

Resources

Name Type
aws_mq_broker.active-mq resource
aws_mq_broker.rabbit-mq resource
aws_ssm_parameter.replication_user resource
aws_ssm_parameter.replication_user_password resource
aws_ssm_parameter.user_name resource
aws_ssm_parameter.user_password resource
random_password.mq_broker resource

Inputs

Name Description Type Default Required
apply_immediately Whether changes should be applied immediately. bool true no
auto_minor_version_upgrade Indicates whether minor engine upgrades are applied automatically to the instance during the maintenance window. bool true no
broker_type Specify the broker type: RabbitMQ or ActiveMQ string "RabbitMQ" no
data_replication_primary_broker_arn The ARN of the primary broker for data replication string "" no
deployment_mode Deployment mode for the RabbitMQ or ActiveMQ broker. string "SINGLE_INSTANCE" no
enable_data_replication Enable or disable data replication for the broker bool false no
enable_logging Enable general logging for the RabbitMQ broker. bool false no
encryption_options Encryption options for the resource. 
object({
    use_aws_owned_key = bool
    kms_key_id        = string
  })
 
{
  "kms_key_id": null,
  "use_aws_owned_key": true
}
 no
engine_version Version of the RabbitMQ or ActiveMQ engine. string "3.8.26" no
environment Name of the environment, i.e. dev, stage, prod string "dev" no
host_instance_type Instance type for the RabbitMQ or ActiveMQ broker. string "mq.t3.micro" no
ldap_config Configuration for LDAP server 
object({
    required                 = bool
    hosts                    = list(string)
    role_base                = string
    role_name                = string
    role_search_matching     = string
    role_search_subtree      = bool
    service_account_password = string
    service_account_username = string
    user_base                = string
    user_role_name           = string
    user_search_matching     = string
    user_search_subtree      = bool
  })
 
{
  "hosts": [],
  "required": false,
  "role_base": "",
  "role_name": "",
  "role_search_matching": "",
  "role_search_subtree": false,
  "service_account_password": "",
  "service_account_username": "",
  "user_base": "",
  "user_role_name": "",
  "user_search_matching": "",
  "user_search_subtree": false
}
 no
maintenance_window Maintenance window configuration including day, time, and time zone. 
object({
    day_of_week = string
    time_of_day = string
    time_zone   = string
  })
 
{
  "day_of_week": "MONDAY",
  "time_of_day": "02:00",
  "time_zone": "UTC"
}
 no
name Name of the RabbitMQ or ActiveMQ broker. string n/a yes
namespace Namespace of the project, i.e. arc string "arc" no
publicly_accessible Whether the RabbitMQ or ActiveMQ broker is publicly accessible. bool false no
security_group_data (optional) Security Group data 
object({
    security_group_ids_to_attach = optional(list(string), [])
    create                       = optional(bool, true)
    description                  = optional(string, null)
    ingress_rules = optional(list(object({
      description              = optional(string, null)
      cidr_block               = optional(string, null)
      source_security_group_id = optional(string, null)
      from_port                = number
      ip_protocol              = string
      to_port                  = string
      self                     = optional(bool, false)
    })), [])
    egress_rules = optional(list(object({
      description                   = optional(string, null)
      cidr_block                    = optional(string, null)
      destination_security_group_id = optional(string, null)
      from_port                     = number
      ip_protocol                   = string
      to_port                       = string
      prefix_list_id                = optional(string, null)
    })), [])
  })
 
{
  "create": false
}
 no
storage_type Storage type for the RabbitMQ or ActiveMQ or ActiveMQ broker. string "ebs" no
subnet_ids List of subnet IDs for the RabbitMQ or ActiveMQ broker. list(string) [] no
tags Tags to apply to resources map(string) n/a yes
users List of users for the ActiveMQ broker 
object({
    username = optional(string)
    groups   = optional(list(string), [])
  })
 {} no
users_replica List of users for the ActiveMQ broker 
object({
    replication_username = optional(string)
    groups               = optional(list(string), [])
  })
 {} no
vpc_id The VPC ID for the VPC endpoint. string null no

Outputs

Name Description
broker_id The ID of the MQ broker (RabbitMQ or ActiveMQ) based on the broker type.
replication_user_password_ssm_parameter The SSM parameter storing the replication user password for ActiveMQ.
security_group_id The ID of the created security group for brokerMQ.
user_password_ssm_parameter The SSM parameter storing the brokerMQ user password.
user_ssm_parameter The SSM parameter storing the brokerMQ username.

Versioning

This project uses a .version file at the root of the repo which the pipeline reads from and does a git tag.

When you intend to commit to main, you will need to increment this version. Once the project is merged, the pipeline will kick off and tag the latest git commit.

Development

Prerequisites

Configurations

  • Configure pre-commit hooks 
    1
    pre-commit install

Versioning

while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch

For Example

1
git commit -m "your commit message #major"
By specifying this , it will bump the version and if you don't specify this in your commit message then by default it will consider patch and will bump that accordingly

Tests

  • Tests are available in test directory
  • Configure the dependencies 
    1
2
3
    cd test/
go mod init github.com/sourcefuse/terraform-aws-refarch-<module_name>
go get github.com/gruntwork-io/terratest/modules/terraform
  • Now execute the test
    1
    go test -timeout  30m

Contributing

See CONTRIBUTING.md for commit conventions and development setup.

Authors

This project is authored by: - SourceFuse ARC Team