diff --git a/services/docker-compose.yml b/services/docker-compose.yml
--- a/services/docker-compose.yml
+++ b/services/docker-compose.yml
@@ -100,7 +100,7 @@
   # RabbitMQ
   rabbitmq:
     # This version matches AWS MQ version (set in Terraform)
-    image: rabbitmq:3.11.16-management
+    image: rabbitmq:3.13.7-management
     hostname: rabbitmq
     ports:
       - '5672:5672'
diff --git a/services/terraform/remote/service_tunnelbroker.tf b/services/terraform/remote/service_tunnelbroker.tf
--- a/services/terraform/remote/service_tunnelbroker.tf
+++ b/services/terraform/remote/service_tunnelbroker.tf
@@ -46,11 +46,12 @@
   broker_name = "tunnelbroker-rabbitmq"
 
   # Keep RabbitMQ version in sync with docker-compose.yml
-  engine_type        = "RabbitMQ"
-  engine_version     = "3.12.13"
-  host_instance_type = local.is_staging ? "mq.t3.micro" : "mq.m5.large"
-  apply_immediately  = local.is_staging
-  deployment_mode    = "SINGLE_INSTANCE"
+  engine_type                = "RabbitMQ"
+  engine_version             = "3.13.7"
+  auto_minor_version_upgrade = true
+  host_instance_type         = local.is_staging ? "mq.t3.micro" : "mq.m5.large"
+  apply_immediately          = local.is_staging
+  deployment_mode            = "SINGLE_INSTANCE"
   # Access from outside VPC - this allows to access the RabbitMQ console from browser
   publicly_accessible = true