Ensure that "Enforce uniform bucket-level access" policy is enabled for your Google Cloud Platform (GCP) organization in order to enforce uniform bucket-level access for all Google Cloud Storage buckets available in your organization. Ensure the policy is enforced at the project level through inheriting the parent settings.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
Enforcing uniform bucket-level access disables Access Control Lists (ACLs) for all Cloud Storage resources (buckets and objects) so that the access is granted exclusively through Cloud IAM service which is more efficient and secure. This type of access is also used to unify and simplify how you grant access to your Cloud Storage resources. The "Enforce uniform bucket-level access" organization policy requires storage buckets to use uniform bucket-level access where the constraint is set to True. Once this policy is implemented, any new bucket created inside your GCP organization should have uniform bucket-level access enabled, and no existing buckets within the organization can disable uniform bucket-level access.
Audit
To determine if "Enforce uniform bucket-level access" policy is enabled for your GCP organizations and projects, perform the following actions:
Remediation / Resolution
To ensure that uniform bucket-level access is enabled for all new Google Cloud Storage buckets created within your GCP organization, enable the “Enforce uniform bucket-level access” organization policy by performing the following operations:
References
- Google Cloud Platform (GCP) Documentation
- Organization policy constraints
- Using constraints
- Creating and managing organization policies
- GCP Command Line Interface (CLI) Documentation
- gcloud organizations list
- gcloud alpha resource-manager org-policies describe
- gcloud alpha resource-manager org-policies enable-enforce
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enforce Uniform Bucket-Level Access
Risk Level: Medium