Failed to connect to Amazon MQ with spring-boot 2 and Stomp

Question

I am building WebSocket application with Spring boot 2, Stomp, and Amazon MQ.

However I cannot connect to Amazon MQ broker. I get Failed to connect: connection timed out error.

My WebSocket Configuration :

@Configuration
@RequiredArgsConstructor
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {

    private final ActiveMQProperties properties;

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/")
                .setAllowedOrigins("*")
                .withSockJS();
    }

    @Override
    public void configureMessageBroker(MessageBrokerRegistry registry) {
        registry.enableStompBrokerRelay("/topic")
                .setAutoStartup(true)
                .setRelayPort(61614)
                .setRelayHost(properties.getBrokerUrl())
                .setClientLogin(properties.getUser())
                .setClientPasscode(properties.getPassword())
                .setSystemLogin(properties.getUser())
                .setSystemPasscode(properties.getPassword())
               .setTcpClient(createClient());
    }

    private TcpOperations<byte[]> createClient(){
        return new ReactorNettyTcpClient<>((client) -> client
//                .host(properties.getBrokerUrl())
//                .port(61614)
                .addressSupplier(this::getAddress)
                .secure(), new StompReactorNettyCodec());

    }

    private SocketAddress getAddress() {
        try {
            InetAddress address = InetAddress.getByName(properties.getBrokerUrl());
            SocketAddress socketAddress = new InetSocketAddress(address, 61614);
            return socketAddress;
        } catch (UnknownHostException e) {
            log.error(e);
        }
        return null;
    }

Log

2020-03-27 16:21:19.419  WARN 49890 --- [ealth-indicator] o.s.boot.actuate.jms.JmsHealthIndicator  : Connection failed to start within 5 seconds and will be closed.
2020-03-27 16:21:39.156  INFO 49890 --- [ient-loop-nio-1] o.s.m.s.s.StompBrokerRelayMessageHandler : TCP connection failure in session _system_: Failed to connect: connection timed out: {my-aws-url}:61614
io.netty.channel.ConnectTimeoutException: connection timed out: {my-aws-url}:61614
    at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe$1.run(AbstractNioChannel.java:261) ~[netty-transport-4.1.45.Final.jar:4.1.45.Final]
    at io.netty.util.concurrent.PromiseTask.runTask(PromiseTask.java:98) ~[netty-common-4.1.45.Final.jar:4.1.45.Final]
    at io.netty.util.concurrent.ScheduledFutureTask.run(ScheduledFutureTask.java:170) ~[netty-common-4.1.45.Final.jar:4.1.45.Final]
    at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164) ~[netty-common-4.1.45.Final.jar:4.1.45.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472) ~[netty-common-4.1.45.Final.jar:4.1.45.Final]
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:500) ~[netty-transport-4.1.45.Final.jar:4.1.45.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) ~[netty-common-4.1.45.Final.jar:4.1.45.Final]
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.45.Final.jar:4.1.45.Final]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.45.Final.jar:4.1.45.Final]
    at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_241]
2020-03-27 16:21:39.156 DEBUG 49890 --- [ient-loop-nio-1] org.springframework.web.SimpLogging      : Cleaning up connection state for session _system_

Answer 1

I think you are missing an entry in Security Group/NACL to allow traffic on port 61614. I would also check the client hosts have access to the broker host using traceroute. Resolution for either of these should resolve the issue.

Answer 2

It is required to assign security group for AWS MQ broker configuration. When you don't choice any security group, it uses the default one. So, your IP must be added into the used security group. Then you could reach MQ admin UI or queue.