GCP-Storage-buckets-are-anonymously-or-publicly-accessible

Severity: High

Description: This control ensures that a Cloud Storage bucket is not anonymously or publicly accessible. It is recommended that the IAM policy on a Cloud Storage bucket does not allow anonymous and/or public access.

Remediation Steps:

Perform the following steps to remove anonymous or public access to a storage bucket:

  1. Sign in to the GCP Console at https://console.cloud.google.com.

  2. Go to the Storage section.

  3. In Storage, click Browser.

  4. Select a storage bucket and click the menu in the rightmost column.

  5. Select Edit Bucket Permissions.

  6. Expand every role displayed.

  7. Click the Delete button in front of allUsers and/or allAuthenticatedUsers to remove that role assignment.

Important:

Reference:

 

Blue Hexagon Proprietary