GCP Storage
About
Monitor your GCP Storage resources for best practices.
Security
Storage Permissions Logging
Ensures that a log-based metric and an alert exist for storage permission changes. Because bucket IAM policies also govern access to the buckets that hold the logs themselves, every change to a bucket's IAM policy should be alerted on so that unauthorized changes are detected promptly.
Bucket Logging
Ensures access (usage) logging is enabled on storage buckets. Bucket access logs provide an audit trail of who accessed which objects, which is needed when investigating a security incident.
Storage Bucket All Users Policy
Ensures Storage bucket IAM policies do not grant read, write, or delete permissions to everyone. A bucket policy can bind a role to the global principals allUsers or allAuthenticatedUsers, which makes the bucket's contents reachable by anyone on the internet or by anyone with a Google account. Access should be restricted to known users, groups, or service accounts.
Operational Maturity
Bucket Versioning
Ensures object versioning is enabled on storage buckets. Object versioning retains the previous version of an object when it is overwritten or deleted, which helps recover data after a compromise or an accidental deletion.
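The following script is an added example, not part of the Cloudanix page or product, showing how the four checks above can be evaluated offline against bucket metadata and an IAM policy in the shape returned by the Cloud Storage JSON API, together with a detector for bucket permission-change entries in Cloud Audit Logs. The bucket name, principals, log entries and the role-to-capability mapping are constructed for illustration; the audit-log filter uses the documented `gcs_bucket` resource type and `storage.setIamPermissions` method name.

```python
"""Offline evaluation of the GCP Storage checks on this page (added example).

Inputs mimic the Cloud Storage JSON API: a bucket resource (with `logging` and
`versioning` fields) and the bucket's IAM policy (`bindings`), plus Cloud
Logging LogEntry dicts for the permission-change detector.
"""
from typing import List

# IAM special identifiers that grant access to everyone.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Roles treated as granting write/delete capability (assumption for severity
# only; any role bound to a public member is a finding regardless).
WRITE_ROLES = {
    "roles/storage.admin", "roles/storage.objectAdmin",
    "roles/storage.objectCreator", "roles/storage.objectUser",
    "roles/storage.legacyBucketOwner", "roles/storage.legacyBucketWriter",
    "roles/storage.legacyObjectOwner",
}

# Log-based metric filter for bucket IAM policy changes; the same string can be
# passed to `gcloud logging metrics create ... --log-filter=...`.
PERMISSION_CHANGE_FILTER = ('resource.type="gcs_bucket" AND '
                            'protoPayload.methodName="storage.setIamPermissions"')


def public_bindings(policy: dict) -> List[dict]:
    """Return each binding that grants a role to allUsers/allAuthenticatedUsers."""
    findings = []
    for binding in policy.get("bindings", []):
        public = sorted(set(binding.get("members", [])) & PUBLIC_MEMBERS)
        if public:
            findings.append({"role": binding["role"], "members": public,
                             "write": binding["role"] in WRITE_ROLES})
    return findings


def check_bucket(bucket: dict, policy: dict) -> List[str]:
    """Run the logging, versioning and public-access checks on one bucket."""
    name = bucket.get("name", "<unknown>")
    findings = []
    if not bucket.get("logging", {}).get("logBucket"):
        findings.append(f"{name}: access logging not enabled")
    if not bucket.get("versioning", {}).get("enabled", False):
        findings.append(f"{name}: object versioning disabled")
    for b in public_bindings(policy):
        kind = "write/delete" if b["write"] else "read"
        findings.append(f"{name}: {b['role']} grants {kind} access to "
                        f"{', '.join(b['members'])}")
    return findings


def is_permission_change(entry: dict) -> bool:
    """Python equivalent of PERMISSION_CHANGE_FILTER for one LogEntry dict."""
    return (entry.get("resource", {}).get("type") == "gcs_bucket"
            and entry.get("protoPayload", {}).get("methodName")
            == "storage.setIamPermissions")


def permission_changes(entries: List[dict]) -> List[dict]:
    """Summarise who changed which bucket's IAM policy, and when."""
    out = []
    for e in entries:
        if is_permission_change(e):
            out.append({
                "bucket": e["resource"].get("labels", {}).get("bucket_name"),
                "principal": e["protoPayload"].get("authenticationInfo", {})
                                              .get("principalEmail"),
                "time": e.get("timestamp"),
            })
    return out


# Constructed sample data (not from a real project).
SAMPLE_BUCKET = {
    "name": "example-app-assets",
    "versioning": {"enabled": False},
    "logging": {"logBucket": "example-access-logs", "logObjectPrefix": "assets"},
}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["allAuthenticatedUsers", "user:alice@example.com"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:deploy@example.iam.gserviceaccount.com"]},
]}
SAMPLE_LOG_ENTRIES = [
    {"timestamp": "2024-01-01T00:00:00Z",
     "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-app-assets"}},
     "protoPayload": {"methodName": "storage.setIamPermissions",
                      "authenticationInfo": {"principalEmail": "alice@example.com"}}},
    {"timestamp": "2024-01-01T00:00:05Z",  # ordinary read, must not match
     "resource": {"type": "gcs_bucket", "labels": {"bucket_name": "example-app-assets"}},
     "protoPayload": {"methodName": "storage.objects.get",
                      "authenticationInfo": {"principalEmail": "bob@example.com"}}},
    {"timestamp": "2024-01-01T00:00:09Z",  # wrong resource type, must not match
     "resource": {"type": "gce_instance"},
     "protoPayload": {"methodName": "storage.setIamPermissions"}},
]

if __name__ == "__main__":
    for finding in check_bucket(SAMPLE_BUCKET, SAMPLE_POLICY):
        print("FINDING:", finding)
    for change in permission_changes(SAMPLE_LOG_ENTRIES):
        print("IAM CHANGE:", change)
```

On the sample data this reports three findings (versioning disabled, public read via `roles/storage.objectViewer`, public write/delete via `roles/storage.objectAdmin`) and one permission-change event. In practice the bucket and policy dicts would come from the JSON API (`buckets.get` and `buckets.getIamPolicy`) and the log entries from a Cloud Logging sink or query; the filter string is what to attach to the log-based metric that the alerting policy in the first check watches.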
Sources
https://www.cloudanix.com/recipelist/gcp/gcpstoragemonitoring
https://cloud.google.com/logging/docs/logs-based-metrics/
https://cloud.google.com/storage/docs/using-object-versioning
https://cloud.google.com/storage/docs/access-logs
https://cloud.google.com/storage/docs/access-control/iam