Ensure that the IAM policy associated with each of your Google Cloud Storage buckets restricts anonymous and/or public access. Cloud Storage buckets, like other GCP resources, have Cloud Identity and Access Management (IAM) policies that determine who can access the storage resources. To deny access to anonymous and public users, remove the bindings for the "allUsers" and "allAuthenticatedUsers" members from the storage bucket's IAM policy. "allUsers" is a special member identifier that represents any user on the Internet, authenticated or not, while "allAuthenticatedUsers" is an identifier that represents any user or service account that can sign in to Google Cloud Platform (GCP) with a Google account.
Misconfigured access permissions are a common security vulnerability involving Cloud Storage resources. Granting permissions to the "allUsers" or "allAuthenticatedUsers" members can allow anyone to access your buckets' content. To prevent sensitive data leaks and data loss, ensure that anonymous and/or public access to your Google Cloud Storage buckets is not allowed.
To determine if there are any publicly accessible buckets available within your Google Cloud account, perform the following operations:
Remediation / Resolution
To remove "allUsers" and/or "allAuthenticatedUsers" IAM member bindings from the associated IAM policy in order to restrict anonymous and/or public access to your Google Cloud Storage buckets, perform the following operations:
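The following script is an added example, not Cloud Conformity's own tooling, showing both halves of the procedure above: it scans a bucket IAM policy for bindings granted to "allUsers" or "allAuthenticatedUsers" and produces a hardened copy of the policy with those members removed. It operates on the JSON shape returned by `gsutil iam get gs://BUCKET` (a "bindings" list of role/members objects plus an "etag"); the sample policy, bucket name and member addresses embedded below are constructed for the demonstration.

```python
"""Audit a Cloud Storage bucket IAM policy for public bindings and build a
hardened copy with those bindings removed.

Added example (not the page's or Google's own code). Input is the JSON that
`gsutil iam get gs://BUCKET` prints; the sample policy below is constructed.
"""
import copy
import json

# Member identifiers that expose the bucket to the public or to every
# Google account holder, per the rule described above.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy: one legitimate binding and two public ones.
SAMPLE_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/storage.admin",
     "members": ["group:storage-admins@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers", "user:analyst@example.com"]},
    {"role": "roles/storage.legacyBucketReader",
     "members": ["allAuthenticatedUsers"]}
  ],
  "etag": "CAE="
}
"""


def find_public_bindings(policy):
    """Return (role, member) pairs that grant public or all-account access."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((binding["role"], member))
    return findings


def remove_public_bindings(policy):
    """Return a copy of the policy with the public members stripped.

    Other members in the same binding are kept; a binding whose only members
    were public is dropped entirely. The etag is preserved so that a later
    set-iam-policy call still performs its optimistic-concurrency check.
    """
    hardened = copy.deepcopy(policy)
    kept = []
    for binding in hardened.get("bindings", []):
        binding["members"] = [m for m in binding.get("members", [])
                              if m not in PUBLIC_MEMBERS]
        if binding["members"]:
            kept.append(binding)
    hardened["bindings"] = kept
    return hardened


def audit(policy_json, bucket_name="BUCKET_NAME"):
    """Parse the policy JSON, report public bindings, return the hardened copy."""
    policy = json.loads(policy_json)
    findings = find_public_bindings(policy)
    for role, member in findings:
        print(f"{bucket_name}: {member} holds {role} (public access)")
    return findings, remove_public_bindings(policy)


if __name__ == "__main__":
    # "example-bucket" is a constructed name.
    findings, hardened = audit(SAMPLE_POLICY_JSON, "example-bucket")
    # The hardened policy can be saved to a file and applied with
    # `gsutil iam set policy.json gs://BUCKET`.
    print(json.dumps(hardened, indent=2))
```

Run it against the real output of `gsutil iam get` for each bucket listed in a project; an empty findings list means the bucket has no anonymous or public bindings. Because the hardened copy keeps the original etag, applying it with `gsutil iam set` fails safely if someone else changed the policy in the meantime.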
- Google Cloud Platform (GCP) Documentation
  - IAM references for Cloud Storage
  - Making data public
  - iam - Get, set, or change bucket and/or object IAM permissions.
- CIS Security Documentation
  - Securing Google Cloud Computing Platform
- GCP Command Line Interface (CLI) Documentation
  - gcloud projects list
You are auditing:
Check for Publicly Accessible Cloud Storage Buckets
Risk level: High