4

When we configure the SSL on standalone ActiveMQ, we may need to provide the TrustStore,TrustStore Password, KeyStore and KeyStore password in client code to connect to the Active MQ over SSL protocol but in case of AmazonMQ, though they have provided SSL endpoint, but we can connect to it simply without providing the trust and key related values.

Client code snippet for Simple ActiveMQ over SSL:

ActiveMQSslConnectionFactory connFactory = new ActiveMQSslConnectionFactory("ssl://<someHost>:61617");
        String trustStore = "pathTo/client_new.ts";
        String keyStore = "PathTo/client_new.ks";
        try {

            connFactory.setTrustStore(trustStore);
            connFactory.setTrustStorePassword("password");
            connFactory.setKeyStore(keyStore);
            connFactory.setKeyStorePassword("password");

        } catch (Exception e) {

            e.printStackTrace();
        }

Client code snippet for Amazon MQ over SSL:

ActiveMQConnectionFactory connFactory = new ActiveMQConnectionFactory("ssl://xyz.amazonaws.com:61617");

Basically, what make this difference?

Nish
  • 922
  • 13
  • 31

1 Answers1

0

Firstly AmazonMQ works on top of the ActiveMQ, amazon has written a wrapper layer over activeMQ so as functionality wise it works pretty much the same. AmazonMQ is managed Message Broker Service for ActiveMQ. It manages everything related to space, configuring active/passive endpoints in different regions and some benefits mentioned in the below links.

https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/welcome.html

Other benefits of amazonMQ is you can setup alerts and many more as part of using other services of amazon like upgrading activemq version to the latest.

Now coming to you application part, one good thing was the way you have configured activemq was via SSL connection, though activemq exposes tcp endpoint as well which can be connected by simply providing broker URL but in case of amazonMQ it does not exposes any TCP endpoint only way to connect is by providing SSL endpoint and related parameters.

Refer this link on how application is connected to amazonMQ: https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-connecting-application.html

anshul Gupta
  • 1,182
  • 8
  • 17
  • Thanks @anshul. But I was looking for reason that why connectivity with Amazon MQ does not ask the client code to set the trustStore and KeyStore like we do in case of standalone MQ on ssl. – Nish Jul 25 '19 at 06:28
  • @Nish connecting to AWS account itself uses KeyStore information which is primarily setup and ask. Thus when you connect it to AWS first part is already taken care and later it uses username and password for verification and connection of client. – anshul Gupta Jul 25 '19 at 06:32