User - Amazon MQ


Every AMQP 0-9-1 client connection has an associated user which must be authenticated. Each client connection also targets a virtual host (vhost) for which the user must have a set of permissions. A user may have permission to configure, write to, and read from queues and exchanges in a vhost. User credentials, and the target vhost are specified at the time the connection is established.

When you first create a RabbitMQ broker, Amazon MQ uses the username and password you provide to create a RabbitMQ user with the administrator tag. You can then add and manage users via the RabbitMQ management API or the RabbitMQ web console. You can also use the RabbitMQ web console or the management API to set or modify user permissions and tags.


RabbitMQ users will not be stored or displayed via the Amazon MQ Users API.

To create a new user with the RabbitMQ management API, use the following API endpoint and request body. Replace username and password with your new username and password.

POST /api/users/username HTTP/1.1 {"password":"password","tags":"administrator"}

When creating users via the RabbitMQ web console or the management API, avoid guest as a username. RabbitMQ prohibits users with the guest username from accessing the broker remotely via the RabbitMQ web console, the management API, or via an application-level connection.

The tags key is mandatory, and is a comma-separated list of tags for the user. Amazon MQ supports administrator, management, and monitoring user tags.

You can set permissions for an individual user by using the following API endpoint and request body. Replace vhost and username with your information. For the default vhost /, use 2f%.

POST /api/users/vhost/username HTTP/1.1 {"configure":".*","write":".*","read":".*"}

The configure, read, and write keys are all mandatory.

By using the wildcard .* value, this operation will grant read, write, and configure permissions for all queues in the specified vhost to the user. For more information about managing users via the RabbitMQ management API, see RabbitMQ Management HTTP API.