Ensure that Cloud Storage bucket is not anonymously or publicly accessible.
Granting 'allUsers' or 'allAuthenticatedUsers' as members in an IAM member/binding exposes the bucket's data outside of the organisation: 'allUsers' covers anonymous requests, and 'allAuthenticatedUsers' covers anyone with any Google account.
Impact
Public exposure of sensitive data.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Restrict public access to the bucket.
resource "google_storage_bucket_iam_binding" "binding" {
  bucket = google_storage_bucket.default.name
  role   = "roles/storage.admin"
  members = [
    "user:jane@example.com",
  ]
}
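As an added example (not part of the original page or the tfsec project's own code), the following Python script scans a Terraform plan exported with `terraform show -json` for bucket IAM resources that grant a role to 'allUsers' or 'allAuthenticatedUsers'; it covers the binding, member and policy resource types, and the sample plan embedded in it is constructed.

```python
import json
from typing import Dict, List, Tuple

# Principals that make a binding public: anonymous users or any Google account.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Terraform resource types that attach IAM to a Cloud Storage bucket.
IAM_TYPES = {
    "google_storage_bucket_iam_binding",  # members = [...]
    "google_storage_bucket_iam_member",   # member = "..."
    "google_storage_bucket_iam_policy",   # policy_data = JSON string with bindings
}

def public_members_in_plan(plan: Dict) -> List[Tuple[str, str, str]]:
    """Return (resource address, role, member) for every public principal in the plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in IAM_TYPES:
            continue
        # "after" is None for resources being destroyed; nothing to flag there.
        after = (rc.get("change") or {}).get("after") or {}
        if rc["type"] == "google_storage_bucket_iam_policy":
            bindings = json.loads(after.get("policy_data") or "{}").get("bindings", [])
        else:
            members = after.get("members") or ([after["member"]] if after.get("member") else [])
            bindings = [{"role": after.get("role", ""), "members": members}]
        for binding in bindings:
            for member in binding.get("members", []):
                if member in PUBLIC_PRINCIPALS:
                    findings.append((rc["address"], binding.get("role", ""), member))
    return findings

# Constructed sample plan: one public binding (the weak setting) next to the
# restricted binding from the remediation above (a named user only).
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "google_storage_bucket_iam_binding.public",
         "type": "google_storage_bucket_iam_binding",
         "change": {"actions": ["create"], "before": None,
                    "after": {"bucket": "example-bucket", "role": "roles/storage.objectViewer",
                              "members": ["allUsers"]}}},
        {"address": "google_storage_bucket_iam_binding.binding",
         "type": "google_storage_bucket_iam_binding",
         "change": {"actions": ["create"], "before": None,
                    "after": {"bucket": "example-bucket", "role": "roles/storage.admin",
                              "members": ["user:jane@example.com"]}}},
    ],
}

if __name__ == "__main__":
    for address, role, member in public_members_in_plan(SAMPLE_PLAN):
        print(f"{address}: {role} granted to {member}")
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and feed the parsed file to `public_members_in_plan`; an empty result means no bucket IAM resource in the plan grants access to a public principal.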
Links