2

So I've created our RabbitMQ broker via Amazon MQ within a private Subnet and not publicly accessible. This generates a web console URL https://xxxx.mq.us-west-2.amazonaws.com. And I wanted to create a Route 53 record name xxxxx.ourdomain.com and use that to access the broker web console. What I've done was to create a CNAME record and use https://xxxx.mq.us-west-2.amazonaws.com as the value/route traffic to . The problem was it's giving me this when I access it via https://xxxxx.ourdomain.com.

*This server could not prove that it is ourdomain.com; its security certificate is from .mq.us-west-2.amazonaws.com"

So usually, we create a load balancer (where we have the ACM (ourdomain.com) associated to the attached target group) to our services and use that to create Route 53 A record. But I don't see any option to do this for the Amazon MQ (RabbitMQ) as it don't give me any targets or IP address. I saw documentations where it shows the IP address of the broker from the console (See: https://aws.amazon.com/blogs/compute/creating-static-custom-domain-endpoints-with-amazon-mq/), but I don't see it, not in the Amazon MQ console nor the Network Interfaces.

Amazon MQ Console

Jeremy Balagtas
  • 21
  • 3

3 Answers3

0

We need to do a dns lookup to retrieve the private ip address

module "shell_execute" {
  source  = "github.com/matti/terraform-shell-resource"
  command = "dig +short $(echo $URL | cut -d'/' -f3 | cut -d':' -f1) | grep -v '\\.$'"
  environment = {
    URL = module.rabbitmq01.primary_ssl_endpoint
  }
}

output "mq_private_ip" {
  value = module.shell_execute.stdout
}

Far too complicated, but this one works.

Now we can go on configuring our target group attachment.

Best of luck!

Bjarte Brandt
  • 4,191
  • 2
  • 23
  • 25
0

You can get the private ip with the following command from linux: host {hostname-of-amazonmq-service}

As written here in more detail: https://aws.amazon.com/blogs/compute/creating-static-custom-domain-endpoints-with-amazon-mq-for-rabbitmq/

This link is explaining how to set a CNAME for the RabbitMQ instance you have. Most important is that you need a load balancer to be able to use the secure connection.

vargen_
  • 2,590
  • 3
  • 24
  • 30
-1

As of September 2021, AWS MQ RabbitMQ brokers don't have IP addresses associated with them, which makes them nearly useless in real world applications.

Володимир Кельбель
  • 99
  • 12
  • 1
    This is either incorrect, or not fully explained. RabbitMQ brokers DO have IP addresses associated with them through their endpoints (`Services->VPC->Endpoints` Subnets tab) – zzxyz Oct 27 '21 at 20:40
  • @zzxyz RabbitMQ brokers DON'T have IP addresses exposed either via UI or API – Andrey Nov 08 '22 at 21:36