GCP-Storage-buckets-logging-is-disable

Severity: High

Description: This control ensures that logging is enabled for Cloud storage buckets. Storage Access Logging generates a log that contains access records for each request made to the Storage bucket. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed. It is recommended that storage Access Logs and Storage logs are enabled for every Storage Bucket.

Remediation Steps:

Perform following to enable logging on storage bucket:

1. gsutil command-line tool:

   gsutil logging set on -b gs://{bucketName for a bucket used to store logs} gs://{your bucket name}

    

Important:

Reference:

• https://cloud.google.com/storage/docs/access-logs