Message brokers if not encrypted with customer managed KMS CMKs can impact the confidentiality of the data.
This configuration setting only applies to the ActiveMQ engine and the encryption configuration can only be set upon broker creation. To create a new broker, follow the steps below.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/data-protection.html#data-protection-encryption-at-rest
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#encryption_options