turbot/alicloud_compliance

Control: 5.1 Ensure that OSS bucket is not anonymously or publicly accessible

Description

It is recommended that the access policy on OSS bucket does not allows anonymous and/or public access.

Remediation

The anonymous or public access to OSS bucket can be restricted through both Bucket ACL and Bucket Policy.

From Console

Using the Bucket ACL:

  1. Logon to OSS console.
  2. In the bucket-list pane, click on a target OSS bucket.
  3. Click on Basic Setting in top middle of the console.
  4. Under ACL section, click on configure.
  5. Click Private.
  6. Click Save.

Using Bucket Policy:

  1. Logon to OSS console.
  2. Click Bucket, and then click the name of target bucket.
  3. Click the Files tab. On the page that appears, click Authorize.
  4. In the Authorize dialog box that appears, click Authorize.
  5. In the Authorize dialog box that appears, choose the Anonymous Accounts (*) for Accounts and choose None for Authorized Operation.

Usage

steampipe check alicloud_compliance.control.cis_v100_5_1

SQL

This control uses a named query:

oss_bucket_public_access_blocked

Tags