From 59b9aac85ad59424577496ddf7ca1e317a1eab8e Mon Sep 17 00:00:00 2001
From: "docs-sourcer[bot]"
<99042413+docs-sourcer[bot]@users.noreply.github.com>
Date: Tue, 17 Feb 2026 04:31:31 +0000
Subject: [PATCH 1/2] Updated with the [latest
changes](https://github.com/gruntwork-io/terraform-aws-messaging/pull/195)
from the `terraform-aws-messaging@feat/amazon-mq-module` source branch.
---
.../amazon-mq/amazon-mq.md | 705 ++++++++++++++++++
.../sns-sqs-connection/sns-sqs-connection.md | 25 +-
2 files changed, 729 insertions(+), 1 deletion(-)
create mode 100644 docs/reference/modules/terraform-aws-messaging/amazon-mq/amazon-mq.md
diff --git a/docs/reference/modules/terraform-aws-messaging/amazon-mq/amazon-mq.md b/docs/reference/modules/terraform-aws-messaging/amazon-mq/amazon-mq.md
new file mode 100644
index 000000000..bb1ffe9ed
--- /dev/null
+++ b/docs/reference/modules/terraform-aws-messaging/amazon-mq/amazon-mq.md
@@ -0,0 +1,705 @@
+---
+title: "Amazon MQ Module"
+hide_title: true
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
+import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
+import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
+
+
+
+# Amazon MQ Module
+
+View Source
+
+Release Notes
+
+This module deploys an [Amazon MQ](https://aws.amazon.com/amazon-mq/) broker supporting both **ActiveMQ** and **RabbitMQ** engine types.
+
+## Engine Types
+
+### ActiveMQ
+
+* Deployment modes: SINGLE_INSTANCE, ACTIVE_STANDBY_MULTI_AZ
+* Ports: 8162 (Web Console), 61617 (OpenWire+SSL), 5671 (AMQP+SSL), 8883 (MQTT+SSL), 61614 (STOMP+SSL), 61619 (WSS)
+* Supports EFS and EBS storage types, audit logging, and XML configuration
+
+### RabbitMQ
+
+* Deployment modes: SINGLE_INSTANCE, CLUSTER_MULTI_AZ
+* Ports: 443 (Management UI), 5671 (AMQP+SSL)
+
+## Usage
+
+```hcl
+module "amazon_mq" {
+ source = "git::git@github.com:gruntwork-io/terraform-aws-messaging.git//modules/amazon-mq?ref=v0.0.1"
+
+ broker_name = "my-broker"
+ engine_type = "ActiveMQ"
+ engine_version = "5.18"
+ host_instance_type = "mq.m5.large"
+ deployment_mode = "SINGLE_INSTANCE"
+
+ subnet_ids = ["subnet-abc123"]
+ vpc_id = "vpc-abc123"
+
+ admin_username = "admin"
+ admin_password = var.admin_password
+
+ allowed_cidr_blocks = ["10.0.0.0/16"]
+}
+```
+
+See [variables.tf](https://github.com/gruntwork-io/terraform-aws-messaging/tree/v1.0.3/modules/amazon-mq/variables.tf) for all available options and the [examples folder](https://github.com/gruntwork-io/terraform-aws-messaging/tree/v1.0.3/examples) for working examples.
+
+## Sample Usage
+
+
+
+
+```hcl title="main.tf"
+
+# ------------------------------------------------------------------------------------------------------
+# DEPLOY GRUNTWORK'S AMAZON-MQ MODULE
+#
+# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE".
+# When using values other than defaults for these variables, set them through environment variables or
+# another secure method.
+#
+# ------------------------------------------------------------------------------------------------------
+
+module "amazon_mq" {
+
+ source = "git::git@github.com:gruntwork-io/terraform-aws-messaging.git//modules/amazon-mq?ref=v1.0.3"
+
+ # ----------------------------------------------------------------------------------------------------
+ # REQUIRED VARIABLES
+ # ----------------------------------------------------------------------------------------------------
+
+ # The password for the admin user.
+ admin_password = # SENSITIVE
+
+ # The username for the admin user.
+ admin_username =
+
+ # The name of the Amazon MQ broker.
+ broker_name =
+
+ # The type of broker engine. Valid values are ActiveMQ and RabbitMQ.
+ engine_type =
+
+ # The version of the broker engine. For ActiveMQ, e.g. '5.18'. For RabbitMQ,
+ # e.g. '3.13'.
+ engine_version =
+
+ # The broker's instance type. e.g. 'mq.m5.large', 'mq.t3.micro'.
+ host_instance_type =
+
+ # List of subnet IDs for the broker. Use 1 subnet for SINGLE_INSTANCE, 2+ for
+ # ACTIVE_STANDBY_MULTI_AZ or CLUSTER_MULTI_AZ.
+ subnet_ids =
+
+ # The ID of the VPC in which to create the broker security group.
+ vpc_id =
+
+ # ----------------------------------------------------------------------------------------------------
+ # OPTIONAL VARIABLES
+ # ----------------------------------------------------------------------------------------------------
+
+ # List of additional security group IDs to attach to the broker.
+ additional_security_group_ids = []
+
+ # List of CIDR blocks allowed to connect to the broker.
+ allowed_cidr_blocks = []
+
+ # List of security group IDs allowed to connect to the broker.
+ allowed_security_groups = []
+
+ # List of application users for the broker. Each user should have username,
+ # password, and optionally console_access and groups (ActiveMQ only).
+ application_users = [] # SENSITIVE
+
+ # Whether to apply changes to the broker immediately or during the next
+ # maintenance window.
+ apply_immediately = false
+
+ # Whether to enable audit logging for the broker. Only supported for ActiveMQ
+ # engine type.
+ audit_log_enabled = false
+
+ # Whether to automatically upgrade to new minor versions of the broker engine
+ # as they are released.
+ auto_minor_version_upgrade = false
+
+ # The ActiveMQ XML configuration data. When set, an aws_mq_configuration
+ # resource is created and associated with the broker. Only applicable for
+ # ActiveMQ engine type.
+ configuration_data = null
+
+ # If you set this variable to false, this module will not create any
+ # resources. This is used as a workaround because Terraform does not allow you
+ # to use the 'count' parameter on modules.
+ create_resources = true
+
+ # Custom tags to apply to all resources created by this module.
+ custom_tags = {}
+
+ # The deployment mode of the broker. Valid values are SINGLE_INSTANCE,
+ # ACTIVE_STANDBY_MULTI_AZ, and CLUSTER_MULTI_AZ.
+ deployment_mode = "SINGLE_INSTANCE"
+
+ # Whether to explicitly configure the encryption_options block on the broker.
+ # Amazon MQ always encrypts data at rest. When true (default), you can specify
+ # a custom KMS key via kms_key_id. When false, the block is omitted and AWS
+ # uses its default AWS-owned key.
+ enable_encryption = true
+
+ # Whether to enable general logging for the broker.
+ general_log_enabled = false
+
+ # The ARN of a custom KMS key to use for encryption at rest. If not set and
+ # enable_encryption is true, the AWS-owned key is used.
+ kms_key_id = null
+
+ # The day of the week for the maintenance window. e.g. 'MONDAY', 'TUESDAY',
+ # etc. Set all three maintenance variables to enable.
+ maintenance_day_of_week = null
+
+ # The time of day for the maintenance window in 24-hour format. e.g. '02:00'.
+ maintenance_time_of_day = null
+
+ # The time zone for the maintenance window. e.g. 'UTC', 'America/New_York'.
+ maintenance_time_zone = "UTC"
+
+ # Whether to enable connections from applications outside of the VPC that
+ # hosts the broker's subnets.
+ publicly_accessible = false
+
+ # The name for the security group. Defaults to '-mq' if not set.
+ security_group_name = null
+
+ # Storage type of the broker. Valid values are 'efs' and 'ebs'. Only
+ # configurable for ActiveMQ (defaults to 'efs'). RabbitMQ always uses EBS.
+ storage_type = null
+
+ # Whether to use the AWS-owned KMS key for encryption at rest. Set to false to
+ # use a custom kms_key_id.
+ use_aws_owned_key = true
+
+}
+
+
+```
+
+
+
+
+```hcl title="terragrunt.hcl"
+
+# ------------------------------------------------------------------------------------------------------
+# DEPLOY GRUNTWORK'S AMAZON-MQ MODULE
+#
+# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE".
+# When using values other than defaults for these variables, set them through environment variables or
+# another secure method.
+#
+# ------------------------------------------------------------------------------------------------------
+
+terraform {
+ source = "git::git@github.com:gruntwork-io/terraform-aws-messaging.git//modules/amazon-mq?ref=v1.0.3"
+}
+
+inputs = {
+
+ # ----------------------------------------------------------------------------------------------------
+ # REQUIRED VARIABLES
+ # ----------------------------------------------------------------------------------------------------
+
+ # The password for the admin user.
+ admin_password = # SENSITIVE
+
+ # The username for the admin user.
+ admin_username =
+
+ # The name of the Amazon MQ broker.
+ broker_name =
+
+ # The type of broker engine. Valid values are ActiveMQ and RabbitMQ.
+ engine_type =
+
+ # The version of the broker engine. For ActiveMQ, e.g. '5.18'. For RabbitMQ,
+ # e.g. '3.13'.
+ engine_version =
+
+ # The broker's instance type. e.g. 'mq.m5.large', 'mq.t3.micro'.
+ host_instance_type =
+
+ # List of subnet IDs for the broker. Use 1 subnet for SINGLE_INSTANCE, 2+ for
+ # ACTIVE_STANDBY_MULTI_AZ or CLUSTER_MULTI_AZ.
+ subnet_ids =
+
+ # The ID of the VPC in which to create the broker security group.
+ vpc_id =
+
+ # ----------------------------------------------------------------------------------------------------
+ # OPTIONAL VARIABLES
+ # ----------------------------------------------------------------------------------------------------
+
+ # List of additional security group IDs to attach to the broker.
+ additional_security_group_ids = []
+
+ # List of CIDR blocks allowed to connect to the broker.
+ allowed_cidr_blocks = []
+
+ # List of security group IDs allowed to connect to the broker.
+ allowed_security_groups = []
+
+ # List of application users for the broker. Each user should have username,
+ # password, and optionally console_access and groups (ActiveMQ only).
+ application_users = [] # SENSITIVE
+
+ # Whether to apply changes to the broker immediately or during the next
+ # maintenance window.
+ apply_immediately = false
+
+ # Whether to enable audit logging for the broker. Only supported for ActiveMQ
+ # engine type.
+ audit_log_enabled = false
+
+ # Whether to automatically upgrade to new minor versions of the broker engine
+ # as they are released.
+ auto_minor_version_upgrade = false
+
+ # The ActiveMQ XML configuration data. When set, an aws_mq_configuration
+ # resource is created and associated with the broker. Only applicable for
+ # ActiveMQ engine type.
+ configuration_data = null
+
+ # If you set this variable to false, this module will not create any
+ # resources. This is used as a workaround because Terraform does not allow you
+ # to use the 'count' parameter on modules.
+ create_resources = true
+
+ # Custom tags to apply to all resources created by this module.
+ custom_tags = {}
+
+ # The deployment mode of the broker. Valid values are SINGLE_INSTANCE,
+ # ACTIVE_STANDBY_MULTI_AZ, and CLUSTER_MULTI_AZ.
+ deployment_mode = "SINGLE_INSTANCE"
+
+ # Whether to explicitly configure the encryption_options block on the broker.
+ # Amazon MQ always encrypts data at rest. When true (default), you can specify
+ # a custom KMS key via kms_key_id. When false, the block is omitted and AWS
+ # uses its default AWS-owned key.
+ enable_encryption = true
+
+ # Whether to enable general logging for the broker.
+ general_log_enabled = false
+
+ # The ARN of a custom KMS key to use for encryption at rest. If not set and
+ # enable_encryption is true, the AWS-owned key is used.
+ kms_key_id = null
+
+ # The day of the week for the maintenance window. e.g. 'MONDAY', 'TUESDAY',
+ # etc. Set all three maintenance variables to enable.
+ maintenance_day_of_week = null
+
+ # The time of day for the maintenance window in 24-hour format. e.g. '02:00'.
+ maintenance_time_of_day = null
+
+ # The time zone for the maintenance window. e.g. 'UTC', 'America/New_York'.
+ maintenance_time_zone = "UTC"
+
+ # Whether to enable connections from applications outside of the VPC that
+ # hosts the broker's subnets.
+ publicly_accessible = false
+
+ # The name for the security group. Defaults to '-mq' if not set.
+ security_group_name = null
+
+ # Storage type of the broker. Valid values are 'efs' and 'ebs'. Only
+ # configurable for ActiveMQ (defaults to 'efs'). RabbitMQ always uses EBS.
+ storage_type = null
+
+ # Whether to use the AWS-owned KMS key for encryption at rest. Set to false to
+ # use a custom kms_key_id.
+ use_aws_owned_key = true
+
+}
+
+
+```
+
+
+
+
+
+
+
+## Reference
+
+
+
+
+### Required
+
+
+
+
+The password for the admin user.
+
+
+
+
+
+
+
+The username for the admin user.
+
+
+
+
+
+
+
+The name of the Amazon MQ broker.
+
+
+
+
+
+
+
+The type of broker engine. Valid values are ActiveMQ and RabbitMQ.
+
+
+
+
+
+
+
+The version of the broker engine. For ActiveMQ, e.g. '5.18'. For RabbitMQ, e.g. '3.13'.
+
+
+
+
+
+
+
+The broker's instance type. e.g. 'mq.m5.large', 'mq.t3.micro'.
+
+
+
+
+
+
+
+List of subnet IDs for the broker. Use 1 subnet for SINGLE_INSTANCE, 2+ for ACTIVE_STANDBY_MULTI_AZ or CLUSTER_MULTI_AZ.
+
+
+
+
+
+
+
+The ID of the VPC in which to create the broker security group.
+
+
+
+
+### Optional
+
+
+
+
+List of additional security group IDs to attach to the broker.
+
+
+
+
+
+
+
+
+List of CIDR blocks allowed to connect to the broker.
+
+
+
+
+
+
+
+
+List of security group IDs allowed to connect to the broker.
+
+
+
+
+
+
+
+
+List of application users for the broker. Each user should have username, password, and optionally console_access and groups (ActiveMQ only).
+
+
+
+
+```hcl
+list(object({
+ username = string
+ password = string
+ console_access = optional(bool, false)
+ groups = optional(list(string), [])
+ }))
+```
+
+
+
+
+
+
+
+
+Whether to apply changes to the broker immediately or during the next maintenance window.
+
+
+
+
+
+
+
+
+Whether to enable audit logging for the broker. Only supported for ActiveMQ engine type.
+
+
+
+
+
+
+
+
+Whether to automatically upgrade to new minor versions of the broker engine as they are released.
+
+
+
+
+
+
+
+
+The ActiveMQ XML configuration data. When set, an aws_mq_configuration resource is created and associated with the broker. Only applicable for ActiveMQ engine type.
+
+
+
+
+
+
+
+
+If you set this variable to false, this module will not create any resources. This is used as a workaround because Terraform does not allow you to use the 'count' parameter on modules.
+
+
+
+
+
+
+
+
+Custom tags to apply to all resources created by this module.
+
+
+
+
+
+
+
+
+The deployment mode of the broker. Valid values are SINGLE_INSTANCE, ACTIVE_STANDBY_MULTI_AZ, and CLUSTER_MULTI_AZ.
+
+
+
+
+
+
+
+
+Whether to explicitly configure the encryption_options block on the broker. Amazon MQ always encrypts data at rest. When true (default), you can specify a custom KMS key via kms_key_id. When false, the block is omitted and AWS uses its default AWS-owned key.
+
+
+
+
+
+
+
+
+Whether to enable general logging for the broker.
+
+
+
+
+
+
+
+
+The ARN of a custom KMS key to use for encryption at rest. If not set and enable_encryption is true, the AWS-owned key is used.
+
+
+
+
+
+
+
+
+The day of the week for the maintenance window. e.g. 'MONDAY', 'TUESDAY', etc. Set all three maintenance variables to enable.
+
+
+
+
+
+
+
+
+The time of day for the maintenance window in 24-hour format. e.g. '02:00'.
+
+
+
+
+
+
+
+
+The time zone for the maintenance window. e.g. 'UTC', 'America/New_York'.
+
+
+
+
+
+
+
+
+Whether to enable connections from applications outside of the VPC that hosts the broker's subnets.
+
+
+
+
+
+
+
+
+The name for the security group. Defaults to '<broker_name>-mq' if not set.
+
+
+
+
+
+
+
+
+Storage type of the broker. Valid values are 'efs' and 'ebs'. Only configurable for ActiveMQ (defaults to 'efs'). RabbitMQ always uses EBS.
+
+
+
+
+
+
+
+
+Whether to use the AWS-owned KMS key for encryption at rest. Set to false to use a custom kms_key_id.
+
+
+
+
+
+
+
+
+
+
+
+The ARN of the Amazon MQ broker.
+
+
+
+
+
+
+
+The unique ID of the Amazon MQ broker.
+
+
+
+
+
+
+
+List of broker instance details including console URL, endpoints, and IP address.
+
+
+
+
+
+
+
+The ARN of the ActiveMQ configuration. Empty string if not created.
+
+
+
+
+
+
+
+The ID of the ActiveMQ configuration. Empty string if not created.
+
+
+
+
+
+
+
+The URL of the broker's ActiveMQ Web Console or RabbitMQ Management UI for the primary instance.
+
+
+
+
+
+
+
+The list of all broker endpoints for the primary instance (e.g., OpenWire, AMQP, MQTT, STOMP, WSS for ActiveMQ; AMQP for RabbitMQ).
+
+
+
+
+
+
+
+The broker's primary SSL endpoint.
+
+
+
+
+
+
+
+The ID of the security group created for the broker.
+
+
+
+
+
+
+
+
diff --git a/docs/reference/modules/terraform-aws-messaging/sns-sqs-connection/sns-sqs-connection.md b/docs/reference/modules/terraform-aws-messaging/sns-sqs-connection/sns-sqs-connection.md
index 7ec04a0a4..a0bed3eb6 100644
--- a/docs/reference/modules/terraform-aws-messaging/sns-sqs-connection/sns-sqs-connection.md
+++ b/docs/reference/modules/terraform-aws-messaging/sns-sqs-connection/sns-sqs-connection.md
@@ -19,6 +19,10 @@ import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
This module makes it easy to subscribe a SQS to a SNS topic after both have been successfully created.
+## Managing Queue Policy Separately
+
+By default, this module creates an SQS queue policy allowing the SNS topic to send messages. Set `create_queue_policy = false` if you manage the policy elsewhere (e.g., via the [sqs module](https://github.com/gruntwork-io/terraform-aws-messaging/tree/v1.0.3/modules/sqs)'s `queue_policy` variable).
+
## Sample Usage
@@ -51,6 +55,11 @@ module "sns_sqs_connection" {
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
+ # Whether to create an SQS queue policy that allows the SNS topic to send
+ # messages to the SQS queue. Set to false if you are managing the queue policy
+ # separately (e.g., in the SQS module).
+ create_queue_policy = true
+
# (Optional) JSON String with the filter policy that will be used in the
# subscription to filter messages seen by the target resource. Refer to the
# SNS docs for more details
@@ -103,6 +112,11 @@ inputs = {
# OPTIONAL VARIABLES
# ----------------------------------------------------------------------------------------------------
+ # Whether to create an SQS queue policy that allows the SNS topic to send
+ # messages to the SQS queue. Set to false if you are managing the queue policy
+ # separately (e.g., in the SQS module).
+ create_queue_policy = true
+
# (Optional) JSON String with the filter policy that will be used in the
# subscription to filter messages seen by the target resource. Refer to the
# SNS docs for more details
@@ -162,6 +176,15 @@ The queue URL for the Simple Queue Service (SQS).
### Optional
+
+
+
+Whether to create an SQS queue policy that allows the SNS topic to send messages to the SQS queue. Set to false if you are managing the queue policy separately (e.g., in the SQS module).
+
+
+
+
+
@@ -206,6 +229,6 @@ Whether to enable raw message delivery (the original message is directly passed,
"https://github.com/gruntwork-io/terraform-aws-messaging/tree/v1.0.3/modules/sns-sqs-connection/outputs.tf"
],
"sourcePlugin": "module-catalog-api",
- "hash": "47e8f2f9f2c4daf507226973473f0e96"
+ "hash": "051e11a5eb04a551a16bb54bd25c1b85"
}
##DOCS-SOURCER-END -->
From ed8cc2171286495850b0e6d588de2d7e947cb135 Mon Sep 17 00:00:00 2001
From: "docs-sourcer[bot]"
<99042413+docs-sourcer[bot]@users.noreply.github.com>
Date: Tue, 17 Feb 2026 04:42:13 +0000
Subject: [PATCH 2/2] Updated with the [latest
changes](https://github.com/gruntwork-io/terraform-aws-messaging/compare/cada18b14a19...9d1edb9e8e96)
from the `terraform-aws-messaging@feat/amazon-mq-module` source branch.
---
.../terraform-aws-messaging/amazon-mq/amazon-mq.md | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/reference/modules/terraform-aws-messaging/amazon-mq/amazon-mq.md b/docs/reference/modules/terraform-aws-messaging/amazon-mq/amazon-mq.md
index bb1ffe9ed..781da8f23 100644
--- a/docs/reference/modules/terraform-aws-messaging/amazon-mq/amazon-mq.md
+++ b/docs/reference/modules/terraform-aws-messaging/amazon-mq/amazon-mq.md
@@ -665,18 +665,18 @@ The URL of the broker's ActiveMQ Web Console or RabbitMQ Management UI for the p
-
+
-The list of all broker endpoints for the primary instance (e.g., OpenWire, AMQP, MQTT, STOMP, WSS for ActiveMQ; AMQP for RabbitMQ).
+The broker's primary endpoint (e.g., OpenWire SSL for ActiveMQ, AMQP for RabbitMQ).
-
+
-The broker's primary SSL endpoint.
+The list of all broker endpoints for the primary instance (e.g., OpenWire, AMQP, MQTT, STOMP, WSS for ActiveMQ; AMQP for RabbitMQ).
@@ -700,6 +700,6 @@ The ID of the security group created for the broker.
"https://github.com/gruntwork-io/terraform-aws-messaging/tree/v1.0.3/modules/amazon-mq/outputs.tf"
],
"sourcePlugin": "module-catalog-api",
- "hash": "89a8234a7d3d3f18d5cbca267ee922b8"
+ "hash": "604dd8db89ee676e8f6d286fc0f5300c"
}
##DOCS-SOURCER-END -->