Risk Level: Very High (act immediately)
Rule ID: OCI-ObjectStorage-001
Ensure that your Oracle Cloud Infrastructure (OCI) Object Storage buckets are not publicly accessible to the Internet in order to protect against unauthorized access and keep sensitive data secure.
Allowing anonymous, unauthenticated access to your Oracle Cloud Infrastructure (OCI) Object Storage buckets lets threat actors list bucket contents, obtain object metadata, and download bucket objects, which can lead to data breaches, data loss, and unexpected charges on your OCI bill.
Audit
To determine if your Object Storage buckets allow public, anonymous access, perform the following operations:
Remediation / Resolution
To ensure that public, anonymous access to your OCI Object Storage buckets is restricted, perform the following operations:
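As an added example (not part of the original page and not Oracle's or the rule author's own tooling), the script below reads the JSON that `oci os bucket get` returns for each bucket, flags every bucket whose `public-access-type` is anything other than `NoPublicAccess`, and builds the matching `oci os bucket update` command. The bucket names, the `examplens` namespace and the JSON responses are constructed sample data.

```python
import json
import shlex

# The only "public-access-type" value that denies anonymous access.
PRIVATE = "NoPublicAccess"

# Constructed sample data: trimmed `oci os bucket get` responses, one per bucket.
SAMPLE_RESPONSES = [
    '{"data": {"name": "app-logs", "namespace": "examplens", "public-access-type": "NoPublicAccess"}}',
    '{"data": {"name": "site-assets", "namespace": "examplens", "public-access-type": "ObjectRead"}}',
    '{"data": {"name": "partner drop", "namespace": "examplens", "public-access-type": "ObjectReadWithoutList"}}',
    '{"data": {"name": "legacy", "namespace": "examplens"}}',
]


def remediation_command(namespace, name):
    """Build the CLI call that switches a bucket back to private visibility."""
    return " ".join([
        "oci os bucket update",
        "--namespace-name", shlex.quote(namespace),
        "--bucket-name", shlex.quote(name),
        "--public-access-type", PRIVATE,
    ])


def audit(responses):
    """Return one finding per bucket that is not provably private."""
    findings = []
    for raw in responses:
        bucket = json.loads(raw)["data"]
        access = bucket.get("public-access-type")
        # Fail closed: a missing or unrecognised value is reported, not assumed private.
        if access != PRIVATE:
            findings.append({
                "bucket": bucket["name"],
                "access": access or "unknown",
                "fix": remediation_command(bucket["namespace"], bucket["name"]),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(f'{finding["bucket"]}: {finding["access"]}')
        print(f'  {finding["fix"]}')
```

Review each generated command before running it, since a bucket that intentionally serves public content will stop doing so once its visibility is set to private.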
References
- Oracle Cloud Infrastructure Documentation
- Overview of Object Storage
- Object Storage Buckets
- Changing an Object Storage Bucket's Visibility
- Oracle Cloud Infrastructure CLI Documentation
- Compartment list
- Bucket list
- Bucket get
- Bucket update
Publication date Mar 6, 2025