IBM MQ on the AWS Cloud

Quick Start Reference Deployment

QS

September 2020
Arthur Barr, James McGuire, and Jon Tilt, IBM
Vinod Shukla and Scott Kellish, AWS Quick Start team

Visit our GitHub repository for source files and to post feedback, report bugs, or submit feature ideas for this Quick Start.

This Quick Start was created by IBM in collaboration with Amazon Web Services (AWS). Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices.

Overview

This Quick Start reference deployment guide provides step-by-step instructions for deploying IBM MQ server on the AWS Cloud.

This Quick Start is for IT infrastructure personnel and system administrators who require guidance on how to configure, deploy, and run an IBM MQ server on AWS. It deploys IBM MQ queue manager (version 9.2) in an environment that’s designed to be secure and highly available.

Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.

IBM MQ on AWS

IBM MQ is messaging middleware that helps to simplify and accelerate the integration of diverse applications and business data across multiple platforms. It uses message queues to facilitate the exchange of information and offers a single messaging solution for cloud, mobile, the Internet of Things (IoT), and on-premises environments.

By connecting virtually everything, from a simple pair of applications to the most complex business environments, IBM MQ helps you improve business responsiveness, control costs, reduce risks, and gain real-time insights from mobile, IoT, and sensor data.

AWS offers flexible compute, storage, and database services that are designed to be scalable and secure for running IBM MQ in the cloud.

IBM MQ delivers:

  • Flexible, near-universal connectivity to adapt systems to meet changing market demands and take advantage of emerging opportunities.

  • Secure message delivery to preserve message integrity and mitigate the risk of data loss.

  • Dynamic scaling to improve business responsiveness and control costs.

  • Simplified management and control to improve productivity.

  • A unified messaging solution to simplify integration, lower the cost of ownership, and accelerate application deployment.

For more information, see the IBM MQ product page.

AWS costs

You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start. There is no additional cost for using the Quick Start.

The AWS CloudFormation templates for Quick Starts include configuration parameters that you can customize. Some of the settings, such as the instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

After you deploy the Quick Start, create AWS Cost and Usage Reports to deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. These reports provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, see What are AWS Cost and Usage Reports?

Software licenses

This Quick Start builds the IBM MQ environment by using a pre-built Amazon Machine Image (AMI) with IBM MQ installed on an Ubuntu operating system.

This deployment requires an IBM MQ license. To use the Quick Start in a production environment, sign up for an IBM MQ program license (requires an IBMid). You must place the license key in an Amazon Simple Storage Service (Amazon S3) bucket and specify its location. For more information, see the Sign up for an IBM MQ license section.

If you don’t have a license, the Quick Start uses an IBM MQ trial license, which allows 90 days of free usage in a non-production environment. After that time, the queue manager expires. Purchase support at an additional cost, or use the forums.

If the license file is in place when the stack is created, the IBM MQ server automatically uses the production license. To upgrade from a trial license to a production license after deployment, see Converting a trial license on Linux.

The IBM MQ software license agreement details the licensing terms. When you launch this Quick Start, you are asked to read and agree to the terms.

Architecture

Deploying this Quick Start for a new virtual private cloud (VPC) with default parameters builds the following IBM MQ environment in the AWS Cloud.

Architecture
Figure 1. Quick Start architecture for IBM MQ on AWS

As shown in Figure 1, the Quick Start sets up the following:

  • A virtual private cloud (VPC) that spans two Availability Zones and includes two public and two private subnets, for security and high availability.*

  • An internet gateway to allow access to the internet.*

  • In the public subnet, a bastion host to provide secure Secure Shell (SSH) access to the IBM MQ server. The bastion host is in an Auto Scaling group with its desired capacity set to one instance, which helps to ensure that one host is always available.*

  • In the private subnet, an IBM MQ server in an Auto Scaling group with its desired capacity set to one instance.

  • Amazon Elastic File System (Amazon EFS) automatically mounts the IBM MQ server instance for distributed storage to ensure high availability of the queue manager service and message data. If the IBM MQ server fails in one Availability Zone, a new server is created in a second Availability Zone and connects to the existing data so no persistent messages are lost. Failover typically takes 3–5 minutes but may be longer if there are outstanding transactions.

  • Elastic Load Balancing to automatically distribute connections to the active IBM MQ server.

  • An IAM instance role with resource-level permissions for access to AWS services necessary for the deployment process.

  • Appropriate security groups for each instance or function to restrict access to only necessary protocols and ports. For example, access to HTTP server ports on Amazon EC2 servers is limited to Elastic Load Balancing.

*The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

Design considerations

IBM MQ provides a messaging platform that can be deployed with various options, depending on your needs. This Quick Start provides a starting point for building your messaging solution rapidly with IBM MQ on the AWS Cloud. The following sections discuss design considerations for large-scale deployments and options for optimizing performance.

To enhance availability and reliability for production workloads, this Quick Start uses two Availability Zones. This provides an automated failover from the primary server to a server that runs in a different Availability Zone, with no loss of message or configuration data.

The IBM MQ service supports client messaging applications (within your VPC) from trusted internet addresses and via a VPN from your on-premises environment.

IBM MQ instances

This deployment launches an EC2 instance using Ubuntu Linux x86-64. Elastic Load Balancing is used to automatically ensure that traffic is pointed to an active server. This deployment supports a selection of EC2 instance types for the IBM MQ server. Before you deploy a production instance, we recommend that you benchmark the environment to ensure that you achieve your required level of performance.

Amazon EFS

Amazon EFS is a file storage service with an interface that allows you to create and configure file systems. Multiple EC2 instances can access an Amazon EFS file system at the same time, so this service provides a common data source for workloads and applications that run on more than one EC2 instance.

The default architecture built by this Quick Start allows for only one EC2 instance at a time to access your data.

Planning the deployment

Specialized knowledge

This deployment requires a moderate level of familiarity with AWS services. If you’re new to AWS, see Getting Started Resource Center and AWS Training and Certification. These sites provide materials for learning how to design, deploy, and operate your infrastructure and applications on the AWS Cloud.

This Quick Start assumes familiarity with the following AWS services.

  • Amazon EC2 — The Amazon Elastic Compute Cloud (Amazon EC2) service enables you to launch virtual machine instances using a variety of operating systems. You can choose from existing Amazon Machine Images (AMIs) or import your own virtual machine images.

  • Amazon VPC — The Amazon Virtual Private Cloud (Amazon VPC) service lets you provision a private, isolated section of the AWS Cloud where you can launch AWS services and other resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, subnet creation, and configuration of route tables and network gateways.

  • AWS CloudFormation — AWS CloudFormation provides a way to create and manage a collection of related AWS resources that are provisioned and updated in an orderly and predictable way. You use a template to describe all the AWS resources (e.g., EC2 instances) that you want, so there’s no need to create and configure the resources or figure out dependencies.

  • Auto Scaling — Auto Scaling helps to maintain high availability and manage capacity by automatically increasing or decreasing the EC2 instance fleet. You can use Auto Scaling to run your fleet optimally by increasing instance capacity during demand spikes and decreasing capacity during down times.

  • ELB — Elastic Load Balancing automatically distributes incoming application traffic across multiple EC2 instances.

  • Amazon EFS — Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with EC2 instances. This IBM MQ deployment uses Amazon EFS to ensure high availability of message data in case of server failure.

  • IAM — AWS Identity and Access Management (IAM) helps you to securely control access to AWS services and resources from a central location. You can manage users, security credentials (e.g., access keys), and permissions that control which AWS resources users can access.

AWS account

If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions. Part of the sign-up process involves receiving a phone call and entering a PIN using the phone keypad.

Your AWS account is automatically signed up for all AWS services. You are charged only for the services you use.

Technical requirements

Before you launch the Quick Start, review the following information and ensure that your account is properly configured. Otherwise, deployment might fail.

Resource quotas

If necessary, request service quota increases for the following resources. You might need to request increases if your existing deployment currently uses these resources and if this Quick Start deployment could result in exceeding the default quotas. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see What is Service Quotas? and AWS service quotas.

Resource This deployment uses

VPCs

1

Elastic IP addresses

3

AWS Identity and Access Management (IAM) security groups

3

IAM roles

1

Auto Scaling groups

2

Classic Load Balancers

1

t2.micro instances

2

Supported AWS Regions

For any Quick Start to work in a Region other than its default Region, all the services it deploys must be supported in that Region. You can launch a Quick Start in any Region and see if it works. If you get an error such as “Unrecognized resource type,” the Quick Start is not supported in that Region.

For an up-to-date list of AWS Regions and the AWS services they support, see AWS Regional Services.

Certain Regions are available on an opt-in basis. For more information, see Managing AWS Regions.

Amazon EC2 key pairs

Ensure that at least one Amazon EC2 key pair exists in your AWS account in the Region where you plan to deploy the Quick Start. Note the key-pair name because you will use it during deployment. To create a key pair, see Amazon EC2 key pairs and Linux instances.

For testing or proof-of-concept purposes, we recommend creating a new key pair instead of using one that’s already being used by a production instance.

IAM permissions

Before launching the Quick Start, you must sign in to the AWS Management Console with IAM permissions for the resources that the templates deploy. The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions. For more information, see AWS managed policies for job functions.

Deployment options

This Quick Start provides two deployment options:

  • Deploy IBM MQ into a new VPC (end-to-end deployment). This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components. It then deploys IBM MQ into this new VPC.

  • Deploy IBM MQ into an existing VPC. This option provisions IBM MQ in your existing AWS infrastructure.

The Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and IBM MQ settings, as discussed later in this guide.

Deployment steps

Sign in to your AWS account

  1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For more information, see Planning the deployment, earlier in this guide.

  2. Use the Region selector in the navigation bar to choose the AWS Region where you want to deploy IBM MQ on AWS.

  3. Ensure that your AWS account is configured correctly, as discussed in the Technical requirements section.

Sign up for an IBM MQ license

To use the Quick Start in a production environment, you must have an IBM MQ program license. If you want to try out the software first, skip this step. The Quick Start automatically signs you up for a 90-day trial period, and you can add a program license later.

To get a program license:

  1. To sign up for an IBM MQ program license, see IBM MQ Trial.

  2. Place the license key file for the software in an S3 bucket. You are prompted for the bucket name and license file name in the next section.

Launch the Quick Start

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For full details, see the pricing pages for each AWS service used by this Quick Start. Prices are subject to change.
  1. Sign in to your AWS account, and choose one of the following options to launch the AWS CloudFormation template. For help with choosing an option, see deployment options, earlier in this guide.

Deploy IBM MQ into a new VPC on AWS

View template

Deploy IBM MQ into an existing VPC on AWS

View template

If you deploy IBM MQ into an existing VPC, ensure that your VPC has two private subnets in different Availability Zones for the workload instances and that the subnets aren’t shared. This Quick Start doesn’t support shared subnets. To allow the instances to download packages and software without exposing them to the internet, the subnets require NAT gateways in their route tables. Also, ensure that the domain name in the DHCP options is configured, as explained in DHCP options sets. Provide your VPC settings when you launch the Quick Start.

Each deployment takes about 30 minutes to complete.

  1. Check the AWS Region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. This is where the network infrastructure for IBM MQ is built. The template is launched in the us-east-2 Region by default.

  1. On the Create stack page, keep the default setting for the template URL, and then choose Next.

  2. On the Specify stack details page, change the stack name if needed. Review the template parameters, and provide values for any parameters that require input. For all other parameters, review the default settings, and customize them as necessary.

+ In the following tables, parameters are listed by category and described separately for the deployment options. When you finish reviewing and customizing the parameters, choose Next.

+ NOTE: Unless you are customizing the Quick Start templates for your own deployment projects, keep the default settings for the parameters Quick Start S3 bucket name, Quick Start S3 bucket Region, and Quick Start S3 key prefix. Changing these settings automatically updates code references to point to a new Quick Start location. For more information, see the AWS Quick Start Contributor’s Guide.

+

Parameters for launching into an existing VPC

Table 1. Software License Agreement
Parameter label (name) Default value Description

License Agreement (LicenseAgreement)

-

I have read and agree to the license terms for IBM MQ (https://www14.software.ibm.com/cgi-bin/weblap/lap.pl?popup=Y&li_formnum=L-APIG-AZYF4X).

Table 2. Network Configuration
Parameter label (name) Default value Description

VPC ID (VPCID)

Requires input

ID of your existing VPC for deployment

Private Subnet 1 ID (PrivateSubnet1ID)

Requires input

ID of private subnet 1 in Availability Zone 1 for the IBM MQ instances (e.g., subnet-a0246dcd)

Private Subnet 2 ID (PrivateSubnet2ID)

Requires input

ID of private subnet 2 in Availability Zone 2 for the IBM MQ instances (e.g., subnet-b1f432cd)

Public Subnet 1 ID (PublicSubnet1ID)

Requires input

ID of public subnet 1 in Availability Zone 1 for the ELB load balancer (e.g., subnet-9bc642ac)

Public Subnet 2 ID (PublicSubnet2ID)

Requires input

ID of public subnet 2 in Availability Zone 2 for the ELB load balancer (e.g., subnet-e3246d8e)

Allowed Admin Web Console External Access CIDR (AdminConsoleAccessCIDR)

Requires input

The CIDR IP range that is permitted to access the IBM MQ Web Console via the ELB. We recommend that you set this value to a trusted IP range.

Allowed Client Application External Access CIDR (ClientAppAccessCIDR)

Requires input

The CIDR IP range that is permitted to allow access for IBM MQ Client Applications. We recommend that you set this value to a trusted IP range.

Table 3. Bastion Configuration
Parameter label (name) Default value Description

SSH Key Name (KeyPairName)

Requires input

Name of an existing EC2 key pair. All instances will launch with this key pair.

Bastion Security Group ID (BastionSecurityGroupID)

Requires input

ID of the bastion host security group to enable SSH connections (e.g., sg-7f16e910)

Table 4. IBM MQ Instance Configuration
Parameter label (name) Default value Description

IBM MQ Instance Owner (MQOwner)

ibm-mq

Set Owner tag for the IBM MQ instance

IBM MQ Instance Name (MQInstanceName)

ibm-mq

Name for the IBM MQ instance that is deployed to EC2

IBM MQ Instance Type (MQInstanceType)

t2.micro

IBM MQ server EC2 instance type

Queue Manager Name (QueueManagerName)

QM1

The name to use for the IBM MQ queue manager. This string can include a maximum of 48 characters, consisting of uppercase letters, numbers, periods (.), underscores (), and percent signs (%). See the IBM Knowledge Center for naming rules (https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.2.0/com.ibm.mq.pro.doc/q003340.htm).

IBM MQ Web Console Admin Username (MQConsoleUsername)

mqconsoleadmin

Admin Username used for accessing Web Console and REST Api

IBM MQ Web Console Admin Password (MQConsolePassword)

Requires input

Admin Password to access the MQ Web Console (Min. Length of 8 Characters, Max Length of 12 Characters)

mqadmin Password (MQAdminPassword)

Requires input

Password for predefined mqadmin user, which is used to administer IBM MQ. See the IBM Knowledge Center for information on authority to administer IBM MQ (https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.2.0/com.ibm.mq.sec.doc/q010400_.htm). This is an 8-12 character string.

mqapp Password (MQAppPassword)

Requires input

Password for predefined mqapp user, which applications use to securely connect to IBM MQ. See the IBM Knowledge Center for details on authorization for applications to use IBM MQ (https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.2.0/com.ibm.mq.sec.doc/q010400_.htm). This is an 8-12 character string.

Table 5. IBM MQ License
Parameter label (name) Default value Description

IBM MQ License S3 Bucket Name (LicenseS3Bucket)

Optional

S3 bucket name where you store IBM MQ License file. Leave blank to use 90 day Trial license.

IBM MQ License S3 Key Prefix Name (LicenseS3KeyPrefix)

Optional

S3 key prefix for the directory your IBM MQ License file is stored. Leave blank to use 90 day Trial license.

Parameters for launching into a new VPC

Table 6. Software License Agreement
Parameter label (name) Default value Description

License Agreement (LicenseAgreement)

-

I have read and agree to the license terms for IBM MQ (https://www14.software.ibm.com/cgi-bin/weblap/lap.pl?popup=Y&li_formnum=L-APIG-AZYF4X).

Table 7. VPC & Bastion Configuration
Parameter label (name) Default value Description

Availability Zones (AvailabilityZones)

Requires input

List of Availability Zones to use for the subnets in the VPC. Only two Availability Zones are used for this deployment, and the logical order of your selections is preserved.

Allowed Bastion External Access CIDR (AdminRemoteAccessCIDR)

Requires input

The CIDR IP range that is permitted to access the IBM MQ server via the Bastion Server. We recommend that you set this value to a trusted IP range.

Allowed Admin Web Console External Access CIDR (AdminConsoleAccessCIDR)

Requires input

The CIDR IP range that is permitted to access the IBM MQ Web Console via the ELB. We recommend that you set this value to a trusted IP range.

Allowed Client Application External Access CIDR (ClientAppAccessCIDR)

Requires input

The CIDR IP range that is permitted to allow access for IBM MQ Client Applications. We recommend that you set this value to a trusted IP range.

Key Pair Name (KeyPairName)

Requires input

The name of an existing public/private key pair, which allows you to securely connect to your instance after it launches

Bastion AMI Operating System (BastionAMIOS)

Amazon-Linux2-HVM

The Linux distribution for the AMI to be used for the bastion instances

Bastion Instance Type (BastionInstanceType)

t2.micro

Amazon EC2 instance type for the bastion instances

Table 8. IBM MQ Instance Configuration
Parameter label (name) Default value Description

IBM MQ Instance Owner (MQOwner)

ibm-mq

Set Owner tag for the IBM MQ instance

IBM MQ Instance Name (MQInstanceName)

ibm-mq

Name for the IBM MQ instance that is deployed to EC2

IBM MQ Instance Type (MQInstanceType)

t2.micro

IBM MQ server EC2 instance type

Queue Manager Name (QueueManagerName)

QM1

The name to use for the IBM MQ queue manager. This string can include a maximum of 48 characters, consisting of uppercase letters, numbers, periods (.), underscores (), and percent signs (%). See the IBM Knowledge Center for naming rules (https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.2.0/com.ibm.mq.pro.doc/q003340.htm).

IBM MQ Web Console Admin Username (MQConsoleUsername)

mqconsoleadmin

Admin Username used for accessing Web Console and REST Api

IBM MQ Web Console Admin Password (MQConsolePassword)

Requires input

Admin Password to access the MQ Web Console (Min. Length of 8 Characters, Max Length of 12 Characters)

mqadmin Password (MQAdminPassword)

Requires input

Password for predefined mqadmin user, which is used to administer IBM MQ. See the IBM Knowledge Center for information on authority to administer IBM MQ (https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.2.0/com.ibm.mq.sec.doc/q010400_.htm). This is an 8-12 character string.

mqapp Password (MQAppPassword)

Requires input

Password for predefined mqapp user, which applications use to securely connect to IBM MQ. See the IBM Knowledge Center for details on authorization for applications to use IBM MQ (https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.2.0/com.ibm.mq.sec.doc/q010400_.htm). This is an 8-12 character string.

Table 9. IBM MQ License
Parameter label (name) Default value Description

IBM MQ License S3 Bucket Name (LicenseS3Bucket)

Optional

S3 bucket name where you store your IBM MQ License file. Leave blank to use 90 day Trial license.

IBM MQ License S3 Key Prefix Name (LicenseS3KeyPrefix)

Optional

S3 key prefix for the directory your IBM MQ License file is stored. Leave blank to use 90 day Trial license.

Table 10. AWS Quick Start Configuration
Parameter label (name) Default value Description

Quick Start S3 Bucket Name (QSS3BucketName)

aws-quickstart

S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

Quick Start S3 bucket Region (QSS3BucketRegion)

us-east-1

The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.

Quick Start S3 Key Prefix (QSS3KeyPrefix)

quickstart-ibm-mq/

S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).

+ . On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next. . On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources and might require the ability to automatically expand macros. . Choose Create stack to deploy the stack. . Monitor the status of the stack. When the status is CREATE_COMPLETE, the IBM MQ deployment is ready. . To view the created resources, see the values displayed in the Outputs tab for the stack.

Deploy with Control Tower

You can deploy IBM MQ in a customized AWS Control Tower environment to help you set up a secure, multi-account AWS environment using AWS best practices. For details, see Customizations for AWS Control Tower.

The root directory of the IBM MQ Quick Start repo includes a ct folder with a manifest.yaml file to assist you with the AWS Control Tower deployment. This file has been customized for the IBM MQ Quick Start.

In the following sections, you will review and update the settings in this file and then upload it to the S3 bucket that is used for the deployment.

Review the manifest.yaml file

  1. Navigate to the root directory of the IBM MQ Quick Start, and open the manifest.yaml file, located in the ct folder.

  2. Confirm that the region attribute references the Region where AWS Control Tower is deployed. The default Region is us-east-1. You will update the regions attribute (located in the resources section) in a later step.

  3. Confirm that the resource_file attribute points to the public S3 bucket for the IBM MQ Quick Start. Using a public S3 bucket ensures a consistent code base across the different deployment options.

    If you prefer to deploy from your own S3 bucket, update the path as needed.

  4. Review each of the parameters attributes and update them as needed to match the requirements of your deployment.

  5. Confirm that the deployment_targets attribute is configured for either your target accounts or organizational units (OUs).

  6. For the regions attribute, add the Region where you plan to deploy the IBM MQ Quick Start. The default Region is us-east-1.

Upload the manifest.yaml file

  1. Compress the manifest.yaml file and name it custom-control-tower-configuration.zip.

  2. Upload the custom-control-tower-configuration.zip file to the S3 bucket that was created for the AWS Control Tower deployment (custom-control-tower-configuration-<accountnumber>-<region>).

The file upload initiates the customized pipeline that deploys the Quick Start to your target accounts.

Test the deployment

When the AWS CloudFormation template successfully creates the stack, all server nodes run with the software installed in your AWS account.

In the following steps, you connect to IBM MQ through a web console to verify and explore the deployment.

Connect to the IBM MQ Console:

  1. Choose the URL of the Elastic Load Balancing endpoint for the IBM MQ Console, as shown in [cfn_outputs].

  2. The Liberty server used by the IBM MQ Console is initially configured to use a self-signed certificate, so your browser may display the warning shown in Figure 2. Note that the screenshot was captured using Firefox v79.0; currently, Chrome v84.x does not allow users to bypass this warning.

    We recommend that you update the self-signed certificate to a certificate that’s signed by a trusted certificate authority (CA). For more information about setting up certificates, see Using client certificate authentication with the REST API and IBM MQ Console.

    image
    Figure 2. Connection error when accessing MQConsoleURL
    image
    Figure 3. Accepting the security certificate
  3. On the IBM MQ Console login screen, enter the user name and password you created during deployment. (The default user name is mqconsoleadmin.)

    image
    Figure 4. IBM MQ Console login screen

    The Console initially displays a landing page with quick links, as shown in Figure 5. Choose Manage to see the queue-management page, where you can create and edit queue managers. There are also quick links to Create a queue manager and Create a queue.

    The MQ Basics tiles launch a short guide that describes some of the core concepts of messaging with IBM MQ, which is particularly useful if you are new to IBM MQ. There is also a link to the external Learn MQ website, where you can find tutorials and articles about IBM MQ.

    image
    Figure 5. IBM MQ Console landing page

    You can use the IBM MQ Console to perform administrative tasks, such as stopping and starting queue managers and creating objects in queues and channels. In the following steps, use the Console to verify that the server works correctly, and add a message to a queue.

  4. From the landing page, choose Manage.

    image
    Figure 6. Manage queue page
  5. On the Manage page, choose QM1 to open the queue manager (see Figure 7).

    image
    Figure 7. Viewing the queue manager details
  6. Open the Q1 queue from the table to view it’s details. Local queues display a message viewer, which allows you to view, filter, and search messages.

    image
    Figure 8. Message viewer
  7. Choose Create to put a message in the queue. In the side panel, input a message in the Application data text field (see Figure 9).

    put_message
    Figure 9. Input message text in side panel
  8. Choose Create to put the message in the queue. The side panel closes, and the list view refreshes automatically.

    browse_message
    Figure 10. Message appears in viewer

    For more information about using IBM MQ, see the IBM Knowledge Center.

Post-deployment steps

Connect to the IBM MQ server

It’s possible to administer IBM MQ locally from the server. For more information, see Administering IBM MQ.

To connect to the IBM MQ server instance, use SSH (Secure Shell) to connect to the bastion host instance in your VPC. Use an SSH agent to forward your private key upon connection. For more information, see Using SSH agent forwarding.

Do not copy your private key to the bastion host instance.

FAQ

Q. I encountered a CREATE_FAILED error when I launched the Quick Start.

A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with Rollback on failure set to Disabled. (This setting is under Advanced in the AWS CloudFormation console, Options page.) With this setting, the stack’s state is retained, and the instance remains running so you can troubleshoot the issue. (For Windows, look at the log files in %ProgramFiles%\Amazon\EC2ConfigService and C:\cfn\log.)

When you set Rollback on failure to Disabled, you continue to incur AWS charges for the stack. Ensure that you delete the stack when you finish troubleshooting.

For additional information, see Troubleshooting AWS CloudFormation.

Q. I encountered a size limitation error when I deployed the AWS CloudFormation templates.

A. We recommend that you launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer, or from a location other than an S3 bucket, you might encounter template size limitations. For more information, see AWS CloudFormation quotas.

Additional resources

Customer responsibility

After you successfully deploy this Quick Start, confirm that your resources and services are updated and configured — including any required patches — to meet your security and other needs. For more information, see the AWS Shared Responsibility Model.

Send us feedback

To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. To submit code, see the Quick Start Contributor’s Guide.

Quick Start reference deployments

GitHub repository

Visit our GitHub repository to download the templates and scripts for this Quick Start, to post your comments, and to share your customizations with others.


Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for specific language governing permissions and limitations.