Storage bucket uniform access control should be enabled

Description

Permissions for Cloud Storage can be granted using Cloud IAM or ACLs. Cloud IAM grants permissions at the bucket and project levels, whereas ACLs are specific to Cloud Storage but allow per-object permissions. Uniform bucket-level access disables ACLs, so only Cloud IAM is used for permissions. This ensures that the bucket-level and/or project-level permissions are the same as the effective object-level permissions, so no individual object can be exposed through an ACL that a review of the IAM policy would not show.

Remediation Steps

Google Cloud Console

  • Navigate to Storage browser.

  • Click on the bucket name to go to the Bucket details page.

  • Click PERMISSIONS.

  • Under Access control, select SWITCH TO UNIFORM.

  • Select Uniform, and click SAVE.

gcloud CLI

  • Set uniformbucketlevelaccess on the bucket:

    • gsutil uniformbucketlevelaccess set on gs://BUCKET_NAME/
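As an added example (not part of the original page), the following POSIX shell script audits every bucket the caller can list, reports whether uniform bucket-level access is enabled, and optionally applies the gsutil remediation above to buckets still using ACLs. It assumes gsutil is installed and authenticated, and that the "Enabled: True/False" line parsed by parse_ubla_status is the output format of "gsutil uniformbucketlevelaccess get"; bucket names shown in comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: audit buckets for uniform
# bucket-level access (UBLA) and optionally switch it on.
# Assumes gsutil is installed and authenticated; set GSUTIL to override the binary.
GSUTIL="${GSUTIL:-gsutil}"

# Read "gsutil uniformbucketlevelaccess get gs://BUCKET/" output from stdin and
# print "enabled" or "disabled". The command prints a line such as
# "  Enabled: True" (plus a LockedTime line once the setting is irreversible).
parse_ubla_status() {
    if grep -i '^ *Enabled: *True' >/dev/null; then
        echo enabled
    else
        echo disabled
    fi
}

# Print one line per bucket: "gs://name/ enabled|disabled"
audit_buckets() {
    "$GSUTIL" ls | while read -r bucket; do
        status=$("$GSUTIL" uniformbucketlevelaccess get "$bucket" | parse_ubla_status)
        echo "$bucket $status"
    done
}

# Apply the remediation step from the page to a single bucket.
remediate_bucket() {
    "$GSUTIL" uniformbucketlevelaccess set on "$1"
}

# Usage: sh ubla_audit.sh audit   -> list buckets and their UBLA status
#        sh ubla_audit.sh fix     -> enable UBLA on every bucket reported as disabled
case "${1:-}" in
    audit)
        audit_buckets
        ;;
    fix)
        audit_buckets | awk '$2 == "disabled" {print $1}' | while read -r b; do
            remediate_bucket "$b"
        done
        ;;
esac
```

Run the audit first and check that no workload depends on per-object ACLs before running fix: enabling uniform access removes every object ACL from consideration, and the LockedTime value printed by the get command shows when the change can no longer be reverted (Google locks the setting 90 days after it is enabled).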