Aqua CSPM

Block Storage Policy Protection

Quick Info

Plugin TitleBlock Storage Policy Protection
CloudORACLE
CategoryBlock Storage
DescriptionEnsure policy statements have deletion protection for block volumes unless it is an administrator group.
More InfoAdding deletion protection to Oracle block volume policies mitigates unintended deletion of block and boot volumes by unauthorized users or groups.
ORACLE Linkhttps://docs.cloud.oracle.com/iaas/Content/Security/Reference/iam_security.htm
Recommended ActionWhen writing policies, avoid blanket statements, and add a where statement with the line request.permission != {VOLUME_DELETE, VOLUME_BACKUP_DELETE, VOLUME_ATTACHMENT_DELETE}.

Detailed Remediation Steps