Loading controls...
Control: 2.1.4 Ensure Cloud Object Storage bucket access is restricted by using IAM and S3 access control
Description
Access controls on the Cloud Object Storage buckets are governed via IBM Identity and Access Management (IAM). However, some permissions can also be granted (or restricted) via S3 access controls.
Remediation
From Console
To create a new bucket-level policy:
- Navigate to the Access IAM console from the Manage menu.
- Select Users from the left navigation menu.
- Select a user.
- Select the Access Policies tab to view the user's existing policies, assign a new policy, or edit an existing policy.
- Click Assign access to create a new policy.
- Choose Assign access to resources.
- First, select Cloud Object Storage from the services menu.
- Then, select the appropriate service instance. Enter bucket in the Resource type field and the bucket name in the Resource ID field.
- Select the wanted service access role. Selecting the lozenge with the number of actions show the actions available to the role.
- Click Assign
Usage
Run the control in your terminal:
powerpipe control run ibm_compliance.control.cis_v100_2_1_4Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run ibm_compliance.control.cis_v100_2_1_4 --shareSQL
This control uses a named query:
manual_control