Query: 1.16 Ensure IAM does not allow public access to Cloud Object Storage

Description

IBM Cloud features the capability for users with specific access roles to create access policies that allow all users(authenticated and non-authenticated) to access resources in the account. This “all users” access in turn ends up in public (including non-authenticated) access to resources. Determine if this capability is required by your organization and disable if not required.

Query

Tables used in this query:

• ibm_iam_access_group

Controls using this query:

• 1.16 Ensure IAM does not allow public access to Cloud Object Storage
• 2.1.5 Disable public (anonymous) access to IBM Cloud Object Storage buckets

SQL