How does the API authentication work
API authentication and authorization for Amazon MQ
Amazon MQ uses the standard AWS request signature for API authentication. For more information, see Signing AWS Requests in theGeneral AWS referenceout.
Currently, Amazon MQ does not support IAM authentication using resource-based permissions or resource-based policies.
To authorize AWS users to work with brokers, configurations, and users, you must edit the IAM policy permissions.
IAM permissions required to create an Amazon MQ broker
To create a broker, you must either use the or add the following EC2 permissions to your IAM policy.
The following custom policy consists of two statements (one conditional) that grant permissions to modify the resources that Amazon MQ needs to create an ActiveMQ broker.
The action is required for Amazon MQ to create an Elastic Network Interface (ENI) for you in your account.
This authorizes Amazon MQ to attach the ENI to an ActiveMQ broker.
The condition key ensures that ENI permissions are only granted to Amazon MQ service accounts.
For more information, see Create an IAM User and Get Your AWS Credentials and Never Modify or Delete the Amazon MQ Elastic Network Interface.
Amazon MQ API Permissions Reference
The following table lists Amazon MQ REST APIs and their corresponding IAM permissions.
Resource-level permissions to Amazon MQ API actions
The termResource-level permissionsThe ability to specify the resources that users are allowed to take action on. Amazon MQ partially supports resource-level permissions. With certain Amazon MQ Actions, you can control when users can use those Actions. This is based on conditions that must be met or on certain resources that are allowed to be used by the users.
The following table lists the Amazon MQ API actions that currently support resource-level permissions and the supported resources, resource ARNs, and condition keys for each action.
If an Amazon MQ API Action is not listed in this table, it does not support resource-level permissions. If an Amazon MQ API action does not support resource-level permissions, you can give users permission to use that action, but you must include an asterisk (*) wildcard for the resource item in the policy statement.
- What symbols are used in witchcraft
- American presidents were Jews who were Freemasons
- The geological timescale is useful
- Can people survive a zombie apocalypse?
- Greet Uyghur Han people in Xinjiang
- Can modern machine guns deliver indirect fire?
- Vegan is bad for pregnancy
- How do stock market auctions work 1
- How well jewelry cleaners work
- What did you do cool
- Mainland Chinese hate Hong Kongers
- Judge bartenders after placing your order
- Which was the cruelest army in World War II
- What is an unexpected danger in Lebanon
- Will Quora be another Facebook or Reddit
- What is the best military from ww2
- What is the setup in the PC
- You can get cancer from pesticides
- How long can you store diesel fuel
- Who is the worst Telugu actor
- What upsets people about you
- Are old giants real?
- What are mini steel mills
- What is an 8th in decimal form