storage-bucket-all-users-policy.md

File metadata and controls

26 lines (21 loc) · 2.17 KB

CloudSploit

GOOGLE / Storage / Storage Bucket All Users Policy

Quick Info

| | |
|-|-|
| **Plugin Title** | Storage Bucket All Users Policy |
| **Cloud** | GOOGLE |
| **Category** | Storage |
| **Description** | Ensures Storage bucket policies do not allow global write, delete, or read permissions |
| **More Info** | Storage buckets can be configured to allow the global principal to access the bucket via the bucket policy. This policy should be restricted only to known users or accounts. |
| **GOOGLE Link** | https://cloud.google.com/storage/docs/access-control/iam |
| **Recommended Action** | Ensure that each storage bucket is configured so that no member is set to allUsers or allAuthenticatedUsers. |

Detailed Remediation Steps

  1. Log into the Google Cloud Platform Console.
  2. Scroll down the left navigation panel and choose "Cloud Storage" to select the "Buckets" option.
  3. On the "Buckets" page, select the bucket which you want to configure by clicking on its name.
  4. Select the "PERMISSIONS" tab to access the permissions defined for the selected bucket.
  5. Select the "VIEW BY PRINCIPALS" tab to display all IAM members (principals) that have access to the selected resource.
  6. Select all the allUsers and allAuthenticatedUsers principals available and choose REMOVE ACCESS to initiate the removal action for the selected bindings.
  7. On the removal confirmation box, choose "CONFIRM" to remove the allUsers and/or allAuthenticatedUsers principals.
  8. Repeat steps 4-7 to remove all allUsers or allAuthenticatedUsers access from all other buckets in the project.
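The console steps above remove public principals one bucket at a time. The following script is an added example, not part of the CloudSploit plugin or this remediation guide: it performs the same check and the same fix against a bucket IAM policy document, so it can be applied to exported policies across a project. It assumes the policy is in the JSON shape returned by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json` (a `bindings` list of `role`/`members` objects plus `etag` and `version`). The bucket name, members and etag in the embedded sample are constructed placeholders.

```python
import json
from copy import deepcopy

# The two principals the plugin flags: allUsers grants access to anyone on the
# internet, allAuthenticatedUsers to anyone holding any Google account.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy (assumed gcloud JSON shape); every value is a placeholder.
SAMPLE_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers", "user:alice@example.com"]},
    {"role": "roles/storage.objectCreator",
     "members": ["allAuthenticatedUsers"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:deploy@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "CAE=",
  "version": 1
}
"""


def load_sample_policy():
    """Parse the constructed sample policy into a dict."""
    return json.loads(SAMPLE_POLICY_JSON)


def find_public_bindings(policy):
    """Return (role, member) pairs that grant a role to a public principal.

    This mirrors the plugin's check: any binding whose member list contains
    allUsers or allAuthenticatedUsers is a finding, regardless of the role.
    """
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append((binding["role"], member))
    return findings


def remove_public_principals(policy):
    """Return a copy of the policy with public principals stripped from every binding.

    Bindings left with no members are dropped, which is what the console's
    REMOVE ACCESS action (steps 6-7) leaves behind. The etag is preserved so the
    cleaned document can be submitted as a compare-and-swap update.
    """
    cleaned = deepcopy(policy)
    kept = []
    for binding in cleaned.get("bindings", []):
        binding["members"] = [m for m in binding.get("members", [])
                              if m not in PUBLIC_PRINCIPALS]
        if binding["members"]:
            kept.append(binding)
    cleaned["bindings"] = kept
    return cleaned


def audit_policy(bucket_name, policy):
    """Evaluate one bucket: FAIL if any public principal is bound, PASS otherwise."""
    findings = find_public_bindings(policy)
    status = "FAIL" if findings else "PASS"
    return status, findings


if __name__ == "__main__":
    policy = load_sample_policy()
    status, findings = audit_policy("example-bucket", policy)
    print(f"example-bucket: {status}")
    for role, member in findings:
        print(f"  {member} is bound to {role}")
    print(json.dumps(remove_public_principals(policy), indent=2))
```

Two caveats when applying this beyond the sample: a bucket that still uses legacy ACLs can expose objects even with a clean IAM policy, so enabling uniform bucket-level access makes IAM the single source of truth; and enabling public access prevention on the bucket (or the `storage.publicAccessPrevention` organization policy constraint) stops allUsers and allAuthenticatedUsers bindings from being re-added after the cleanup.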