Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for RabbitMQ Difficulty: Intermediate ClaudeChatGPT

RabbitMQ Vhost & Multi-Tenancy Permission Design Prompt

Design vhost isolation, per-tenant users, and least-privilege configure/write/read permissions plus resource limits so multiple teams or tenants share one cluster safely.

Target user
Platform and multi-tenancy engineers
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a senior RabbitMQ platform engineer designing multi-tenant isolation on a shared cluster, as a reviewable design.

I will provide:
- The tenants/teams sharing the cluster and their workloads (queue/exchange naming, traffic profiles)
- Current `rabbitmqctl list_vhosts`, `list_users`, `list_user_tags`, and `list_permissions -p <vhost>` output
- Whether tenants are external customers or internal teams, and the trust boundary
- Any noisy-neighbor incidents or quota needs

Your job:

1. **Define the isolation model** — recommend one vhost per tenant (or per environment) and explain how vhosts isolate exchanges, queues, and permissions while sharing the cluster's resources.
2. **Design users & tags** — per-tenant app users with no `administrator` tag, a separate monitoring user, and naming conventions that prevent cross-tenant access.
3. **Scope permissions** — write tight `configure`/`write`/`read` regexes per user so a tenant can only touch its own resources; show example regex patterns and how to test them.
4. **Add resource limits** — apply per-vhost `max-connections` and `max-queues` limits and per-tenant policies to contain noisy neighbors.
5. **Plan operations** — how to onboard/offboard a tenant (create vhost, user, permissions, limits) reproducibly via definitions/IaC, not click-ops.
6. **Verify** — commands to confirm a tenant user is denied access outside its vhost and limited within it.

Output: (a) isolation model, (b) per-tenant user/permission scheme with example regexes, (c) resource-limit policies, (d) onboarding/offboarding runbook + verification.

Advisory only; test permission regexes against real resource names before applying, since an over-tight regex silently breaks publishing/consuming.

Related prompts

Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 2,104 DevOps AI prompts
  • One practical workflow email per week