Amazon MQ
Developer Guide

Messaging Authentication and Authorization for ActiveMQ

You can access your brokers using the following protocols with TLS enabled:

Amazon MQ uses native ActiveMQ authentication to manage user permissions. For information about restrictions related to ActiveMQ usernames and passwords, see Limits Related to Users.

To authorize ActiveMQ users and groups to works with queues and topics, you must edit your broker's configuration. Amazon MQ uses ActiveMQ's Simple Authentication Plugin to restrict reading and writing to destinations. For more information and examples, see Always Configure an Authorization Map and authorizationEntry.


Currently, Amazon MQ doesn't support Client Certificate Authentication or plugins for Java Authentication and Authorization Service (JAAS).