Check for Publicly Accessible Object Storage Buckets

01 Sign in to your Oracle Cloud Infrastructure (OCI) account.

02 Navigate to Object Storage & Archive Storage console available at https://cloud.oracle.com/object-storage/.

03 In the left navigation panel, choose Buckets, and select an OCI compartment from the Compartment dropdown menu, to list the Object Storage buckets available within that compartment.

04 Click on the name (link) of the bucket that you want to examine, listed in the Name column.

05 Select the Bucket Information tab and check the Visibility attribute value, listed under Features. If Visibility is set to Public, the selected OCI Object Storage bucket is publicly accessible. This configuration allows anonymous and unauthenticated users to access data stored within the bucket.

06 Repeat steps no. 4 and 5 for each Object Storage bucket created in the selected Oracle Cloud Infrastructure (OCI) compartment.

07 Repeat steps no. 3 – 6 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.

01 Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:

oci iam compartment list
	--all
	--query 'data[]."compartment-id"'

02 The command output should return the requested OCI compartment identifiers (IDs):

[
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

03 Run os bucket list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, the list the name of each Object Storage bucket available in the selected OCI compartment:

oci os bucket list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--all
	--query 'data[]."name"'

04 The command output should return the requested bucket names:

[
	"cc-project5-data-bucket",
	"cc-tenancy-logging-bucket",
	"cc-cloud-artifacts-bucket"
]

05 Run os bucket get command (Windows/macOS/Linux) with the name of the Object Storage bucket that you want to examine as the identifier parameter and custom output filters to determine if the selected bucket is configured to allow public, anonymous access:

oci os bucket get
	--bucket-name 'cc-project5-data-bucket'
	--query 'data."public-access-type"'

06 The command output should return the public access type configured for the selected bucket. "ObjectRead" allows public access for the GetObject and HeadObject operations, "ObjectReadWithoutList" allows public access for the GetObject, HeadObject, and ListObjects operations, and "NoPublicAccess" blocks public access (allows only authenticated callers to access the bucket and its contents):

"ObjectRead"

07 Repeat steps no. 5 and 6 for each Object Storage bucket provisioned in the selected OCI compartment.

08 Repeat steps no. 3 – 7 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.

01 Sign in to your Oracle Cloud Infrastructure (OCI) account.

02 Navigate to Object Storage & Archive Storage console available at https://cloud.oracle.com/object-storage/.

03 In the left navigation panel, choose Buckets, and select an OCI compartment from the Compartment dropdown menu, to list the Object Storage buckets available within that compartment.

04 Click on the name (link) of the publicly accessible bucket that you want to configure, listed in the Name column.

05 Choose Edit Visibility from the top menu, set Visibility to Private, and choose Save changes to apply the configuration changes. The bucket is now considered private, meaning that accessing both the bucket and its contents requires authentication and authorization.

06 Repeat steps no. 4 and 5 for each publicly accessible bucket created in the selected Oracle Cloud Infrastructure (OCI) compartment.

07 Repeat steps no. 3 – 6 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.

01 Run os bucket update command (Windows/macOS/Linux) with the name of the publicly accessible bucket that you want to configure as the identifier parameter, to block the public, anonymous access to the selected bucket by setting the --public-access-type parameter to 'NoPublicAcces'. The bucket is now considered private, meaning that accessing both the bucket and its contents requires authentication and authorization:

oci os bucket update
	--bucket-name 'cc-project5-data-bucket'
	--public-access-type 'NoPublicAccess'
	--query 'data."public-access-type"'

02 The command output should return the public access type for the configured bucket (i.e., "NoPublicAccess"):

"ocid1.onstopic.oc1.ap-sydney-1.amaaaaaarda2cfyaozua2hj2b2btbdj3sz3fcy7qox4jtryji54godksyicq"

03 Repeat steps no. 1 and 2 for each publicly accessible bucket provisioned in the selected Oracle Cloud Infrastructure (OCI) compartment.

04 Repeat steps no. 1 – 3 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.