Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Google > Storage >

Storage Bucket All Users Policy

HIGH
Source
CloudSploit
ID
storage-bucket-all-users-policy
management console

Storage Bucket All Users Policy

Ensures Storage bucket policies do not allow global write, delete, or read permissions

Storage buckets can be configured to allow the global principal to access the bucket via the bucket policy. This policy should be restricted only to known users or accounts.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Google Cloud Platform Console.

  2. Scroll down the left navigation panel and choose “Cloud Storage” to select the “Buckets” option.

  3. On the “Buckets” page, select the bucket which you want to configure by clicking on its name.Step

  4. Select the “PERMISSIONS” tab to access the permissions defined for selected bucket.Step

  5. Select the “VIEW BY PRINCIPALS” tab to display all IAM members (principals) that have access to the selected resource. Step

  6. Select all the allUsers and allAuthenticatedUsers principals available and choose REMOVE ACCESS to initiate the removal action for the selected bindings.Step

  7. On the removal confirmation box, choose “CONFIRM” to remove the allUsers and/or allAuthenticatedUsers principals.Step

  8. Repeat steps number 4-7 to remove all allUsers or allAuthenticatedUsers access from all other buckets in the project.

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use