Amazon MQ RabbitMQ connection

Question

I came across this article for migrating rabbitmq to amazon mq (rabbitmq). https://aws.amazon.com/blogs/compute/migrating-message-driven-applications-to-amazon-mq-for-rabbitmq/

I see this sentence:

"In Amazon MQ for RabbitMQ, we only support the secure version of AMQP using TLS. The code snippet below demonstrates AMQPS connection using Pika library. Please note that we do not support peer verification on server side."

Does it mean its mandatory to always have a secure connection for amazon mq (rabbitmq) OR its simply saying that if we decide to go for secure connections we must use TLS

Answer 1

from the documentation Encryption in transit

By default, Amazon MQ brokers use the recommended TLS 1.2 to encrypt data. Amazon MQ does not currently support configuring brokers to use different TLS versions.

Key Concepts Security and authentication

Connections to Amazon MQ brokers use Transport Layer Security (TLS)

Supported wire-level protocols

You can access your brokers by using any programming language that ActiveMQ supports and by enabling TLS explicitly for the following protocols:

Infrastructure security in Amazon MQ

You use AWS published API calls to access Amazon MQ through the network. Clients must support Transport Layer Security (TLS) 1.0 or later. We recommend TLS 1.2 or later. Clients must also support cipher suites with perfect forward secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.

You have to use TLS.