Storage bucket uniform access control should be enabled
Description
Cloud Storage bucket permissions should not be configured to allow ‘allUsers’ or ‘allAuthenticatedUsers’ access. These permissions provide broad, public access, which can result in unknown or undesired data access.
Remediation Steps
Google Cloud Console
Navigate to Storage browser.
Click on the bucket name to go to the Bucket details page.
Click PERMISSIONS.
Click Delete next to any allUsers and allAuthenticatedUsers role assignments.
gcloud CLI
Remove allUsers access from the bucket:
gsutil iam ch -d allUsers gs://BUCKET_NAME
Remove allAuthenticatedUsers access from the bucket:
gsutil iam ch -d allAuthenticatedUsers gs://BUCKET_NAME
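
To check a bucket before and after running the commands above, the following added example (not part of the original page) scans an IAM policy in the JSON form printed by `gsutil iam get gs://BUCKET_NAME` and builds the matching removal commands. The function names and the sample policy are constructed for illustration.

```python
import json
import shlex

# Principals the page says must not hold any role on a bucket.
PUBLIC_MEMBERS = ("allUsers", "allAuthenticatedUsers")

# Constructed sample in the JSON shape printed by `gsutil iam get gs://BUCKET_NAME`.
SAMPLE_POLICY = """
{
  "bindings": [
    {"members": ["allUsers"], "role": "roles/storage.objectViewer"},
    {"members": ["allAuthenticatedUsers", "user:alice@example.com"],
     "role": "roles/storage.legacyBucketReader"},
    {"members": ["group:ops@example.com"], "role": "roles/storage.admin"}
  ],
  "etag": "CAE="
}
"""


def find_public_bindings(policy_json):
    """Return {public member: sorted list of roles granted to it}."""
    policy = json.loads(policy_json)
    found = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                found.setdefault(member, set()).add(binding.get("role", ""))
    return {m: sorted(roles) for m, roles in found.items()}


def remediation_commands(policy_json, bucket):
    """Build the page's `gsutil iam ch -d` command for each public member found."""
    found = find_public_bindings(policy_json)
    url = shlex.quote("gs://" + bucket)
    return ["gsutil iam ch -d %s %s" % (m, url) for m in PUBLIC_MEMBERS if m in found]


if __name__ == "__main__":
    for member, roles in find_public_bindings(SAMPLE_POLICY).items():
        print("PUBLIC: %s holds %s" % (member, ", ".join(roles)))
    for cmd in remediation_commands(SAMPLE_POLICY, "BUCKET_NAME"):
        print(cmd)
```

An empty result from `find_public_bindings` after remediation confirms that neither principal still holds a role in the bucket-level policy.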