Control: 5.1 Ensure that Cloud Storage bucket is not anonymously or publicly accessible
It is recommended that IAM policy on Cloud Storage bucket does not allows anonymous or public access. Storage buckets are not publicly shared by default.
Allowing anonymous or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous or public access to a bucket is not allowed.
- Login to GCP console and navigate to Storage Browser.
- Click on the bucket name to go to PERMISSIONS tab.
- Click REMOVE PUBLIC PERMISSIONS. Bucket will be
From Command Line
Remove allUsers and allAuthenticatedUsers access.
gsutil iam ch -d allUsers gs://BUCKET_NAMEgsutil iam ch -d allAuthenticatedUsers gs://BUCKET_NAME
steampipe check gcp_compliance.control.cis_v120_5_1
This control uses a named query:storage_bucket_not_publicly_accessible