Profile Applicability:

  • Level 2

Description:
RabbitMQ is a widely used message broker that supports high availability and fault tolerance through clustering. Cluster deployment mode in RabbitMQ enables multiple RabbitMQ nodes to work together as a cluster. This deployment mode ensures that queues and messages are replicated across multiple nodes, providing higher availability, fault tolerance, and improved scalability. It is important to ensure that RabbitMQ brokers are deployed in cluster mode to avoid single points of failure and ensure continuous availability of messaging services.

Rationale:
Enabling cluster deployment mode in RabbitMQ ensures that the message broker is highly available and fault-tolerant. If one node in the cluster fails, other nodes in the cluster continue to operate, preventing downtime and service disruption. This configuration helps meet business continuity requirements and ensures that messaging services remain available even in the event of failures. Clustering is essential for distributed systems requiring high availability and scalability.

Impact:
 Pros:

  • Provides high availability by ensuring that messages are replicated across multiple RabbitMQ nodes.

  • Improves fault tolerance as the failure of one node does not impact the entire messaging system.

  • Enhances scalability, allowing the broker to handle more load by distributing the workload across multiple nodes.

  • Prevents downtime due to node failures, which is critical for high-availability applications.

Cons:

  • Increased complexity in setting up and maintaining the RabbitMQ cluster.

  • Requires proper network configurations for communication between nodes in the cluster.

  • Additional resource consumption for maintaining the replication and cluster overhead.

Default Value:
By default, RabbitMQ brokers are deployed as standalone nodes, not using cluster mode. Cluster deployment must be explicitly configured for high availability and fault tolerance.

Pre-requisites:

  • AWS IAM permissions to manage MQ services and RabbitMQ configurations:
     mq:DescribeBroker
     mq:UpdateBroker

  • Access to Amazon MQ configurations to enable cluster mode for RabbitMQ brokers.

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Amazon MQ.

  3. In the left-hand menu, select Brokers.

  4. Choose the RabbitMQ broker you want to review.

  5. Check the Deployment mode under the Broker details section. If the broker is not in Cluster deployment mode, you will need to enable clustering.

  6. To enable clustering, click on Modify, and under the Cluster Deployment settings, select Cluster.

  7. Save the changes and ensure that the RabbitMQ broker is now deployed in cluster mode.

Using AWS CLI:

  1. List all RabbitMQ brokers:

    aws mq describe-brokers

  2. For each broker, check the Deployment Mode:

    aws mq describe-broker --broker-id <BROKER_ID>

  3.  In the output, check the DeploymentMode field. If it is set to SINGLE_INSTANCE, the broker is not using cluster deployment.

  4. To change the deployment mode to Cluster, use the following command:

    aws mq update-broker --broker-id <BROKER_ID> --deployment-mode CLUSTER

  5. Verify that the broker is now using Cluster deployment mode:

    aws mq describe-broker --broker-id <BROKER_ID>

Implementation Plan:

Using AWS Console:

  1. Open the Amazon MQ Console and navigate to Brokers.

  2. Select the RabbitMQ broker you want to modify.

  3. In the Cluster Deployment settings, change the deployment mode to Cluster.

  4. Save the changes and ensure that the broker is now deployed in cluster mode.

Using AWS CLI:

  1. To enable clustering for a RabbitMQ broker, run:  

aws mq update-broker --broker-id <BROKER_ID> --deployment-mode CLUSTER

  1. Verify that the broker is now using Cluster deployment mode:

    aws mq describe-broker --broker-id <BROKER_ID>

Backout Plan:

Using AWS Console:

  1. If cluster mode causes issues, sign in to the AWS Management Console.

  2. Navigate to Amazon MQ and select the RabbitMQ broker.

  3. Click Modify and change the Deployment mode back to Single Instance.

  4. Save the changes and monitor the broker to ensure it is functioning as expected.

Using AWS CLI:

  1. To revert the RabbitMQ broker to a Single Instance deployment, run:

    aws mq update-broker --broker-id <BROKER_ID> --deployment-mode SINGLE_INSTANCE

  2. Verify the broker’s deployment mode:

    aws mq describe-broker --broker-id <BROKER_ID>

Reference:

CIS Controls:

Version

Control ID

Control Description

7.1

3.1

Ensure that RabbitMQ brokers are deployed in cluster mode to provide high availability and fault tolerance for messaging systems.

7.1

8.1

Enable clustering for RabbitMQ brokers to ensure redundancy and avoid a single point of failure in the messaging system.