Question about Amazon MQ with a multi-broker deployment

Hello, question about Amazon MQ.

I’m creating a 3-node cluster, using a template_file resource. The template file defines networkConnector endpoints so the brokers can communicate, using the other 2 broker’s ssl endpoints. Once the template is rendered, it is used in a configuration associated with the broker.

Network Connector example -

<networkConnector conduitSubscriptions="false" consumerTTL="1" messageTTL="-1" name="QueueConnectorPartner1" uri="static:(${first_partner_node_uri})" userName="${first_partner_node_username}">
    <topic physicalName="&gt;"/>

Template file -

data "template_file" "broker_1_config_file" {
  template = file("${path.module}/templates/amq_template.tpl")
  vars = {
    first_partner_node_uri = aws_mq_broker.activemq_broker_2.instances.0.endpoints.0

Configuration -

resource "aws_mq_configuration" "activemq_config_node_1" {
  provider =
  description = "Configuration for node 1."
  name = "..."
  engine_type = "ActiveMQ"
  engine_version = "5.15.10"

  data = data.template_file.broker_1_config_file.rendered

Broker -

resource "aws_mq_broker" "activemq_broker_1" {
  provider =

  broker_name        = "..."
  engine_type        = "ActiveMQ"
  engine_version     = "5.15.10"
  host_instance_type = "mq.t2.micro"

  apply_immediately          = true
  publicly_accessible        = true
  auto_minor_version_upgrade = true

  configuration {
    id =
    revision = aws_mq_configuration.activemq_config_node_1.latest_revision

The issue here is there is a cycle, the broker requiring the configuration, and the configuration requiring the other broker’s ssl endpoints. What is the best way to resolve this? Using a depends_on for the configuration doesn’t resolve the issue, even after creating the brokers first. I have also tried apply_immediately = false for the broker.

The desired outcome - brokers would be created with default configuration, then updated configuration is created, then the new configuration is applied to the brokers. This is similar to what happens during the cloudformation stack.


I have resorted to creating the brokers separately as this is a known issue: