io.github.cdklabs.cdk.amazonmq.package-info Maven / Gradle / Ivy
/**
* AWS::AmazonMQ L2 Construct Library
*
* ---
*
* Features | Stability
* ---------------------------------------------|--------------------------------------------------------
* Higher level constructs for ActiveMQ Brokers | 
* Higher level constructs for RabbitMQ Bokers |
*
*
*
* Experimental: Higher level constructs in this module that are marked as experimental are
* under active development. They are subject to non-backward compatible changes or removal in any
* future version. These are not subject to the Semantic Versioning model and
* breaking changes will be announced in the release notes. This means that while you may use them,
* you may need to update your source code when upgrading to a newer version of this package.
*
*
*
*
*
*
*
*
Table of Contents
*
*
* - Introduction
*
*
* - Security
*
* - ActiveMQ Brokers
*
*
* - RabbitMQ Brokers
*
*
*
*
*
Introduction
*
* Amazon MQ is a managed service that makes it easy to create and run Apache ActiveMQ and RabbitMQ message brokers at scale. This library brings L2 AWS CDK constructs for Amazon MQ and introduces a notion of broker deployment and distincts between a broker and a broker deployment.
*
*
* - broker deployment represents the configuration that defines how the broker (or a set of brokers in a particular configuration) will be deployed. Effectively, this is the representation of the
AWS::AmazonMQ::Broker resource type, and will expose the relevant attributes of the resource type (such as ARN, Id).
* - broker represents the means for accessing the broker, that is its endpoints and (in the case of ActiveMQ) IPv4 address(es).
*
*
* This stems from the fact that when creating the AWS::AmazonMQ::Broker resource for ActiveMQ in the ACTIVE_STANDBY_MULTI_AZ deployment mode, the resulting AWS resource will in fact contain a set of two, distinct brokers.
*
* The separation allows for expressing the resources as types in two ways:
*
*
* - is, where a broker deployment implements the broker behavioral interface
* - has, where a broker deployment contains (a set of) brokers.
*
*
*
Security
*
* In order to build secure solutions follow the guidelines and recommendations in the Security section of the AWS documentation for the Amazon MQ.
*
*
ActiveMQ Brokers
*
* Amazon MQ allows for creating AWS-managed ActiveMQ brokers. The brokers enable exchanging messages over a number of protocols, e.g. AMQP 1.0, OpenWire, STOMP, MQTT.
*
*
ActiveMQ Broker Deployments
*
* The following example creates a minimal, single-instance ActiveMQ Broker deployment:
*
*
* import software.amazon.awscdk.services.ec2.InstanceClass;
* import software.amazon.awscdk.services.ec2.InstanceSize;
* import software.amazon.awscdk.services.ec2.InstanceType;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerEngineVersion;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerInstance;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerUserManagement;
*
* Stack stack;
* ISecret brokerUser;
*
*
* ActiveMqBrokerInstance broker = ActiveMqBrokerInstance.Builder.create(stack, "ActiveMqBroker")
* .publiclyAccessible(false)
* .version(ActiveMqBrokerEngineVersion.V5_17_6)
* .instanceType(InstanceType.of(InstanceClass.T3, InstanceSize.MICRO))
* .userManagement(ActiveMqBrokerUserManagement.simple(SimpleAuthenticationUserManagementOptions.builder()
* .users(List.of(ActiveMqUser.builder()
* .username(brokerUser.secretValueFromJson("username").unsafeUnwrap())
* .password(brokerUser.secretValueFromJson("password"))
* .build()))
* .build()))
* .autoMinorVersionUpgrade(true)
* .build();
*
*
* The example below shows how to instantiate an active-standby redundant pair. ActiveMqBrokerRedundantPair doesn't implement IActiveMqBroker, but has two properties: first, and second that do. This stems from the fact that ActiveMq redundant-pair deployment exposes two, separate brokers that work in an active-standby configuration. The names are first (instead of active) and second (instead of standby) as there cannot be a guarantee which broker will be the active and which - the standby.
*
*
* import software.amazon.awscdk.services.ec2.InstanceClass;
* import software.amazon.awscdk.services.ec2.InstanceSize;
* import software.amazon.awscdk.services.ec2.InstanceType;
* import software.amazon.awscdk.services.ec2.IVpc;
* import software.amazon.awscdk.services.ec2.SubnetSelection;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerEngineVersion;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerRedundantPair;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerUserManagement;
*
* Stack stack;
* ISecret brokerUser;
* IVpc vpc;
* SubnetSelection vpcSubnets;
*
*
* ActiveMqBrokerRedundantPair brokerPair = ActiveMqBrokerRedundantPair.Builder.create(stack, "ActiveMqBrokerPair")
* .publiclyAccessible(false)
* .version(ActiveMqBrokerEngineVersion.V5_17_6)
* .instanceType(InstanceType.of(InstanceClass.M5, InstanceSize.LARGE))
* .userManagement(ActiveMqBrokerUserManagement.simple(SimpleAuthenticationUserManagementOptions.builder()
* .users(List.of(ActiveMqUser.builder()
* .username(brokerUser.secretValueFromJson("username").unsafeUnwrap())
* .password(brokerUser.secretValueFromJson("password"))
* .build()))
* .build()))
* .autoMinorVersionUpgrade(true)
* .vpc(vpc)
* .vpcSubnets(vpcSubnets)
* .build();
*
*
*
ActiveMQ Broker Endpoints
*
* Each created broker instance implements IActiveMqBroker and has endpoints property representing each allowed transport with url and port.
*
* One can use the endpoints as in the example below
*
*
* import software.amazon.awscdk.CfnOutput;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBroker;
*
* IActiveMqBroker broker;
*
*
* CfnOutput.Builder.create(this, "AmqpEndpointUrl").value(broker.getEndpoints().getAmqp().getUrl()).build();
* CfnOutput.Builder.create(this, "AmqpEndpointPort").value(broker.endpoints.amqp.port.toString()).build();
*
* CfnOutput.Builder.create(this, "StompEndpointUrl").value(broker.getEndpoints().getStomp().getUrl()).build();
* CfnOutput.Builder.create(this, "StompEndpointPort").value(broker.endpoints.stomp.port.toString()).build();
*
* CfnOutput.Builder.create(this, "OpenWireEndpointUrl").value(broker.getEndpoints().getOpenWire().getUrl()).build();
* CfnOutput.Builder.create(this, "OpenWireEndpointPort").value(broker.endpoints.openWire.port.toString()).build();
*
* CfnOutput.Builder.create(this, "MqttEndpointUrl").value(broker.getEndpoints().getMqtt().getUrl()).build();
* CfnOutput.Builder.create(this, "MqttEndpointPort").value(broker.endpoints.mqtt.port.toString()).build();
*
* CfnOutput.Builder.create(this, "WssEndpointUrl").value(broker.getEndpoints().getWss().getUrl()).build();
* CfnOutput.Builder.create(this, "WssEndpointPort").value(broker.endpoints.wss.port.toString()).build();
*
* CfnOutput.Builder.create(this, "WebConsoleUrl").value(broker.getEndpoints().getConsole().getUrl()).build();
* CfnOutput.Builder.create(this, "WebConsolePort").value(broker.endpoints.console.port.toString()).build();
*
* CfnOutput.Builder.create(this, "IpAddress").value(broker.getIpAddress()).build();
*
*
* For the redundant pair deployments one can access all the endpoints under properties first and second, as each implements IActiveMqBroker.
*
*
Allowing Connections to ActiveMQ Brokers
*
* For ActiveMQ broker deployments that are not publically accessible and with specified VPC and subnets you can control who can access the Broker using connections attribute. By default no connection is allowed and it has to be explicitly allowed.
*
*
* import software.amazon.awscdk.services.ec2.Peer;
* import software.amazon.awscdk.services.ec2.Port;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBroker;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBrokerDeployment;
*
* IActiveMqBrokerDeployment deployment;
* IActiveMqBroker broker;
*
*
* // for the applications to interact over the STOMP protocol
* deployment.connections.allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(broker.getEndpoints().getStomp().getPort()));
*
* // for the applications to interact over the OpenWire protocol
* deployment.connections.allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(broker.getEndpoints().getOpenWire().getPort()));
*
* // for the Web Console access
* deployment.connections.allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(broker.getEndpoints().getConsole().getPort()));
*
*
* Mind that connections will be defined only if VPC and subnets are specified. For an instance of ActiveMqBrokerRedundantPair one would access the broker endpoints under either first or second property.
*
* Security: It is a security best practice to block unnecessary protocols with VPC security groups.
*
*
ActiveMQ Broker Configurations
*
* By default Amazon MQ will create a default configuration for the broker(s) on your deployment. You can introduce custom configurations by explicitly creating one as in the example below:
*
*
* import software.amazon.awscdk.services.ec2.InstanceClass;
* import software.amazon.awscdk.services.ec2.InstanceSize;
* import software.amazon.awscdk.services.ec2.InstanceType;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerConfiguration;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerConfigurationDefinition;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerEngineVersion;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerInstance;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerUserManagement;
*
* Stack stack;
* ISecret brokerUser;
* String configurationData;
*
*
* ActiveMqBrokerConfiguration customConfiguration = ActiveMqBrokerConfiguration.Builder.create(stack, "CustomConfiguration")
* .name("ConfigurationName")
* .description("ConfigurationDescription")
* .definition(ActiveMqBrokerConfigurationDefinition.data(configurationData))
* .build();
*
* ActiveMqBrokerInstance broker = ActiveMqBrokerInstance.Builder.create(stack, "Broker")
* .publiclyAccessible(false)
* .version(ActiveMqBrokerEngineVersion.V5_17_6)
* .instanceType(InstanceType.of(InstanceClass.T3, InstanceSize.MICRO))
* .userManagement(ActiveMqBrokerUserManagement.simple(SimpleAuthenticationUserManagementOptions.builder()
* .users(List.of(ActiveMqUser.builder()
* .username(brokerUser.secretValueFromJson("username").unsafeUnwrap())
* .password(brokerUser.secretValueFromJson("password"))
* .build()))
* .build()))
* .autoMinorVersionUpgrade(true)
* .configuration(customConfiguration)
* .build();
*
*
* A configuration can be associated with a specific broker also after the broker creation. Then, it is required to be explicitly associated with the broker.
*
*
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBrokerConfiguration;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBrokerDeployment;
*
* IActiveMqBrokerConfiguration configuration;
* IActiveMqBrokerDeployment deployment;
*
*
* configuration.associateWith(deployment);
*
*
* This library also allows to modify an existing configuration. Such update of a particular configuration is creating a new configuration revision so that a history of revisions can be viewed in the AWS Console. The new revision can be then associated with the broker so it uses it as a working configuration.
*
*
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerConfigurationDefinition;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBrokerConfiguration;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBrokerDeployment;
*
* IActiveMqBrokerConfiguration configuration;
* IActiveMqBrokerDeployment deployment;
* String newData;
*
*
* IActiveMqBrokerConfiguration newRevision = configuration.createRevision(ActiveMqBrokerConfigurationOptions.builder()
* .description("We need to modify an AuthorizationEntry")
* .definition(ActiveMqBrokerConfigurationDefinition.data(newData))
* .build());
*
* newRevision.associateWith(deployment);
*
*
*
ActiveMQ Broker User Management
*
*
ActiveMQ Broker Simple Authentication
*
* Using ActiveMQ built-in Simple Authentication users need to be provided during the broker deployment definition.
*
* Security: In the Simple Authentication User Management authorization is managed in the configuration. It is a security best practice to always configure an authorization map.
*
*
ActiveMQ Broker LDAP Integration
*
* Amazon MQ for ActiveMQ enables LDAP integration. An example below shows a minimal setup to configure an Amazon MQ for ActiveMQ broker.
*
*
* import software.amazon.awscdk.services.ec2.InstanceClass;
* import software.amazon.awscdk.services.ec2.InstanceSize;
* import software.amazon.awscdk.services.ec2.InstanceType;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerEngineVersion;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerInstance;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqBrokerUserManagement;
*
* Stack stack;
* ISecret serviceAccountSecret;
*
*
* ActiveMqBrokerInstance broker = ActiveMqBrokerInstance.Builder.create(stack, "ActiveMqBrokerInstance")
* .publiclyAccessible(false)
* .version(ActiveMqBrokerEngineVersion.V5_17_6)
* .instanceType(InstanceType.of(InstanceClass.T3, InstanceSize.MICRO))
* .userManagement(ActiveMqBrokerUserManagement.ldap(LdapUserStoreOptions.builder()
* .hosts(List.of("ldap.example.com"))
* .userSearchMatching("uid={0}")
* .userRoleName("amq")
* .userBase("ou=users,dc=example,dc=com")
* .roleBase("ou=roles,dc=example,dc=com")
* .roleSearchMatching("cn={0}")
* .roleName("amq")
* .serviceAccountPassword(serviceAccountSecret.secretValueFromJson("password"))
* .serviceAccountUsername(serviceAccountSecret.secretValueFromJson("username"))
* .build()))
* .autoMinorVersionUpgrade(true)
* .build();
*
*
*
Monitoring ActiveMQ Brokers
*
* This library introduces a set of metrics that we can use for the IActiveMqBrokerDeployment monitoring. Each can be accessed as a method on the IActiveMqBrokerDeployment with the convention metric[MetricName]. An example below shows how one can use that:
*
*
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBrokerDeployment;
*
* Stack stack;
* IActiveMqBrokerDeployment deployment;
*
*
* Metric consumerCountMetric = deployment.metricConsumerCount();
* consumerCountMetric.createAlarm(stack, "ConsumerCountAlarm", CreateAlarmOptions.builder()
* .threshold(100)
* .evaluationPeriods(3)
* .datapointsToAlarm(2)
* .build());
*
*
*
ActiveMQ Broker Integration with AWS Lambda
*
* Amazon MQ for ActiveMQ broker queues can be used as event sources for AWS Lambda functions. For authentication only the ActiveMQ SimpleAuthenticationPlugin is supported. Lambda consumes messages using the OpenWire/Java Message Service (JMS) protocol. No other protocols are supported for consuming messages. Within the JMS protocol, only TextMessage and BytesMessage are supported. Lambda also supports JMS custom properties. For more details on the requirements of the integration read the documentation.
*
* The example below presents an example of creating such an event source mapping:
*
*
* import software.amazon.awscdk.services.lambda.IFunction;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.ActiveMqEventSource;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBrokerDeployment;
*
* IFunction target;
* ISecret creds; // with username and password fields
* IActiveMqBrokerDeployment broker;
* String queueName;
*
*
* target.addEventSource(ActiveMqEventSource.Builder.create()
* .broker(broker)
* .credentials(creds)
* .queueName(queueName)
* .build());
*
*
* Security: When adding an Amazon MQ for ActiveMQ as an AWS Lambda function's event source the library updates the execution role's permissions to satisfy Amazon MQ requirements for provisioning the event source mapping.
*
* In the case of a private deployment the defined event source mapping will create a set of Elastic Network Interfaces (ENIs) in the subnets in which the broker deployment created communication VPC Endpoints. Thus, in order to allow the event source mapping to communicate with the broker one needs to additionally allow inbound traffic from the ENIs on the OpenWire port. As ENIs will use the same security group that governs the access to the VPC Endpoints you can simply allow communication from the broker's security group to itself on the OpenWire port as in the example below:
*
*
* import software.amazon.awscdk.services.ec2.Port;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBroker;
* import io.github.cdklabs.cdk.amazonmq.IActiveMqBrokerDeployment;
*
* IActiveMqBrokerDeployment deployment;
* IActiveMqBroker broker;
*
*
* deployment.connections.allowInternally(Port.tcp(broker.getEndpoints().getOpenWire().getPort()), "Allowing for the ESM");
*
*
*
RabbitMQ Brokers
*
* Amazon MQ allows for creating AWS-managed RabbitMQ brokers. The brokers enable exchanging messages over AMQP 0-9-1 protocol.
*
*
RabbitMQ Broker Deployments
*
* The following example creates a minimal, single-instance RabbitMQ broker deployment:
*
*
* import software.amazon.awscdk.services.ec2.InstanceClass;
* import software.amazon.awscdk.services.ec2.InstanceSize;
* import software.amazon.awscdk.services.ec2.InstanceType;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerEngineVersion;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerInstance;
*
* Stack stack;
* ISecret adminSecret;
*
*
* RabbitMqBrokerInstance broker = RabbitMqBrokerInstance.Builder.create(stack, "RabbitMqBroker")
* .publiclyAccessible(false)
* .version(RabbitMqBrokerEngineVersion.V3_11_20)
* .instanceType(InstanceType.of(InstanceClass.T3, InstanceSize.MICRO))
* .admin(Admin.builder()
* .username(adminSecret.secretValueFromJson("username").unsafeUnwrap())
* .password(adminSecret.secretValueFromJson("password"))
* .build())
* .autoMinorVersionUpgrade(true)
* .build();
*
*
* The next example creates a minimal RabbitMQ broker cluster:
*
*
* import software.amazon.awscdk.services.ec2.InstanceClass;
* import software.amazon.awscdk.services.ec2.InstanceSize;
* import software.amazon.awscdk.services.ec2.InstanceType;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerCluster;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerEngineVersion;
*
* Stack stack;
* ISecret adminSecret;
*
*
* RabbitMqBrokerCluster broker = RabbitMqBrokerCluster.Builder.create(stack, "RabbitMqBroker")
* .publiclyAccessible(false)
* .version(RabbitMqBrokerEngineVersion.V3_11_20)
* .instanceType(InstanceType.of(InstanceClass.M5, InstanceSize.LARGE))
* .admin(Admin.builder()
* .username(adminSecret.secretValueFromJson("username").unsafeUnwrap())
* .password(adminSecret.secretValueFromJson("password"))
* .build())
* .autoMinorVersionUpgrade(true)
* .build();
*
*
*
RabbitMQ Broker Endpoints
*
* Each created broker has endpoints property with the AMQP endpoint url and port.
*
*
* import software.amazon.awscdk.CfnOutput;
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBroker;
*
* IRabbitMqBroker broker;
*
*
* CfnOutput.Builder.create(this, "AmqpEndpointUrl").value(broker.getEndpoints().getAmqp().getUrl()).build();
* CfnOutput.Builder.create(this, "AmqpEndpointPort").value(broker.endpoints.amqp.port.toString()).build();
* CfnOutput.Builder.create(this, "WebConsoleUrl").value(broker.getEndpoints().getConsole().getUrl()).build();
* CfnOutput.Builder.create(this, "WebConsolePort").value(broker.endpoints.console.port.toString()).build();
*
*
*
Allowing Connections to a RabbitMQ Broker
*
* For the RabbitMQ broker deployments that are not publically accessible and with specified VPC and subnets you can control who can access the broker using connections attribute.
*
*
* import software.amazon.awscdk.services.ec2.Peer;
* import software.amazon.awscdk.services.ec2.Port;
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBroker;
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBrokerDeployment;
*
* IRabbitMqBrokerDeployment deployment;
* IRabbitMqBroker broker;
*
*
* // for the applications to interact over the AMQP protocol
* deployment.connections.allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(broker.getEndpoints().getAmqp().getPort()));
*
* // for the Web Console access
* deployment.connections.allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(broker.getEndpoints().getConsole().getPort()));
*
*
* Mind that connections will be defined only if VPC and subnets are specified.
*
*
RabbitMQ Broker Configurations
*
* If you do not specify a custom RabbitMQ Broker configuration, Amazon MQ for RabbitMQ will create a default configuration for the broker on your behalf. You can introduce custom configurations by explicitly creating one as in the example below:
*
*
* import software.amazon.awscdk.Duration;
* import software.amazon.awscdk.services.ec2.InstanceClass;
* import software.amazon.awscdk.services.ec2.InstanceSize;
* import software.amazon.awscdk.services.ec2.InstanceType;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerConfiguration;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerConfigurationDefinition;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerEngineVersion;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerInstance;
*
* Stack stack;
* ISecret adminSecret;
*
*
* RabbitMqBrokerConfiguration customConfiguration = RabbitMqBrokerConfiguration.Builder.create(stack, "CustomConfiguration")
* .name("ConfigurationName")
* .description("ConfigurationDescription")
* .definition(RabbitMqBrokerConfigurationDefinition.parameters(RabbitMqBrokerConfigurationParameters.builder()
* .consumerTimeout(Duration.minutes(20))
* .build()))
* .build();
*
* RabbitMqBrokerInstance broker = RabbitMqBrokerInstance.Builder.create(stack, "Broker")
* .publiclyAccessible(false)
* .version(RabbitMqBrokerEngineVersion.V3_11_20)
* .instanceType(InstanceType.of(InstanceClass.T3, InstanceSize.MICRO))
* .admin(Admin.builder()
* .username(adminSecret.secretValueFromJson("username").unsafeUnwrap())
* .password(adminSecret.secretValueFromJson("password"))
* .build())
* .autoMinorVersionUpgrade(true)
* .configuration(customConfiguration)
* .build();
*
*
* A configuration can be associated with a specific broker also after the deployment. Then, it is required to be explicitly associated with the broker.
*
*
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBrokerConfiguration;
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBrokerDeployment;
*
* IRabbitMqBrokerConfiguration configuration;
* IRabbitMqBrokerDeployment deployment;
*
*
* configuration.associateWith(deployment);
*
*
* This library also allows to modify an existing configuration. Such update of a particular configuration is creating a new configuration revision so that a history of revisions can be viewed in the AWS Console. The new revision can be then associated with the broker so it uses it as a working configuration.
*
*
* import software.amazon.awscdk.Duration;
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBrokerConfiguration;
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBrokerDeployment;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqBrokerConfigurationDefinition;
*
* IRabbitMqBrokerConfiguration configuration;
* IRabbitMqBrokerDeployment deployment;
* Duration newConsumerTimeout;
*
*
* IRabbitMqBrokerConfiguration newRevision = configuration.createRevision(RabbitMqBrokerConfigurationOptions.builder()
* .description("We need to modify the consumer timeout")
* .definition(RabbitMqBrokerConfigurationDefinition.parameters(RabbitMqBrokerConfigurationParameters.builder()
* .consumerTimeout(newConsumerTimeout)
* .build()))
* .build());
*
* newRevision.associateWith(deployment);
*
*
*
Monitoring RabbitMQ Brokers
*
* This library introduces a set of metrics that we can use for the IRabbitMqBrokerDeployment monitoring. Each can be accessed as a method on the IRabbitMqBrokerDeployment with the convention metric[MetricName]. An example below shows how one can use that:
*
*
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBrokerDeployment;
*
* Stack stack;
* IRabbitMqBrokerDeployment deployment;
*
*
* Metric consumerCountMetric = deployment.metricConsumerCount();
* consumerCountMetric.createAlarm(stack, "ConsumerCountAlarm", CreateAlarmOptions.builder()
* .threshold(100)
* .evaluationPeriods(3)
* .datapointsToAlarm(2)
* .build());
*
*
*
RabbitMQ Broker Integration with AWS Lambda
*
* Amazon MQ for RabbitMQ broker queues can be used as event sources for AWS Lambda functions. For authentication only the PLAIN authentication mechanism is supported. Lambda consumes messages using the AMQP 0-9-1 protocol. No other protocols are supported for consuming messages. For more details on the requirements of the integration read the documentation.
*
* The example below presents an example of creating such an event source mapping:
*
*
* import software.amazon.awscdk.services.lambda.IFunction;
* import software.amazon.awscdk.services.secretsmanager.ISecret;
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBrokerDeployment;
* import io.github.cdklabs.cdk.amazonmq.RabbitMqEventSource;
*
* IFunction target;
* ISecret creds; // with username and password fields
* IRabbitMqBrokerDeployment broker;
* String queueName;
*
*
* target.addEventSource(RabbitMqEventSource.Builder.create()
* .broker(broker)
* .credentials(creds)
* .queueName(queueName)
* .build());
*
*
* Security: When adding an Amazon MQ for RabbitMQ as an AWS Lambda function's event source the library updates the execution role's permissions to satisfy Amazon MQ requirements for provisioning the event source mapping.
*
* In the case of a private deployment the defined event source mapping will create a set of Elastic Network Interfaces (ENIs) in the subnets in which the broker deployment created communication VPC Endpoints. Thus, in order to allow the event source mapping to communicate with the broekr one needs to additionally allow inbound traffic from the ENIs. As ENIs will use the same security group that governs the access to the VPC Endpoints you can simply allow communication from the broker's security group to itself on the AMQP port as in the example below:
*
*
* import io.github.cdklabs.cdk.amazonmq.IRabbitMqBrokerDeployment;
*
* IRabbitMqBrokerDeployment deployment;
*
*
* deployment.connections.allowDefaultPortInternally();
*
*/
@software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Experimental)
package io.github.cdklabs.cdk.amazonmq;