More Info:
List all the buckets that have website configuration (this is an informational rule only)
Risk Level
Informational
Address
Operational Maturity, Security
Compliance Standards
CBP
Triage and Remediation
Remediation
Using Console
To list all buckets which have write configuration in GCP, you can follow these steps:
- Open the GCP Console and navigate to the Cloud Storage page.
- In the left navigation pane, click on “Storage”.
- Click on the “Buckets” tab.
- In the “Filter Buckets” search box, type “bindings:writer” and press Enter.
- This will list all the buckets with write configuration.

- Open the GCP Console and navigate to the Cloud Storage page.
- In the left navigation pane, click on “Storage”.
- Click on the bucket that has write configuration.
- Click on the “Permissions” tab.
- In the “Add members” field, enter the email address of the user or service account that you want to grant access to.
- Select the appropriate role for the user or service account from the “Select a role” drop-down menu.
- Click the “Add” button to grant the user or service account access to the bucket.
- Remove any unnecessary write permissions from the bucket by clicking the “Edit” button next to the relevant member and selecting the appropriate role from the “Select a role” drop-down menu.
- Click the “Save” button to save the changes.
Using CLI
To list all buckets which have Write Configuration enabled in GCP, you can use the following command in the GCP CLI:
This command will list all the buckets with Write Configuration enabled.
To remediate this issue, you can follow the steps below:
- Open the GCP Console and navigate to the Cloud Storage page.
- Click on the name of the bucket that has Write Configuration enabled.
- Click on the “Permissions” tab.
- Under the “Public access prevention” section, select “Enforced by organization policy”.
- Click “Save”.
Using Python
To list all the buckets which have write configuration in GCP, you can use the following Python code:
To remediate this misconfiguration, you can remove the WRITER role from the bucket’s ACL. You can use the following Python code to do this:
Note: Make sure to replace bucket-name with the actual name of the bucket. Also, make sure you have the necessary permissions to modify the bucket’s ACL.
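The following is an added example, not code from the original page: it audits bucket metadata for WRITER ACL grants and computes the ACL that remains once they are removed. It assumes each bucket is a dict shaped like the Cloud Storage JSON API bucket resource (`name`, and `acl` entries with `entity` and `role`); the function names, bucket names and entities are constructed for illustration.

```python
# Added example: works offline on constructed metadata, no GCP client needed.
PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}

def writer_grants(bucket):
    """Return the ACL entries on one bucket that grant the WRITER role."""
    # Buckets using uniform bucket-level access carry no ACL: treat as empty.
    return [e for e in bucket.get("acl", []) if e.get("role") == "WRITER"]

def audit(buckets):
    """List buckets with at least one WRITER grant, public write first."""
    findings = []
    for bucket in buckets:
        grants = writer_grants(bucket)
        if not grants:
            continue
        entities = sorted(g["entity"] for g in grants)
        findings.append({
            "bucket": bucket["name"],
            "writers": entities,
            "public_write": any(e in PUBLIC_ENTITIES for e in entities),
        })
    findings.sort(key=lambda f: (not f["public_write"], f["bucket"]))
    return findings

def remediated_acl(bucket, keep=()):
    """ACL with WRITER grants removed, except entities listed in keep."""
    return [e for e in bucket.get("acl", [])
            if e.get("role") != "WRITER" or e["entity"] in keep]

# Constructed sample data (hypothetical names, project number and group).
SAMPLE_BUCKETS = [
    {"name": "example-logs", "acl": [
        {"entity": "project-owners-123456", "role": "OWNER"},
        {"entity": "group-ops@example.com", "role": "WRITER"}]},
    {"name": "example-site-assets", "acl": [
        {"entity": "project-owners-123456", "role": "OWNER"},
        {"entity": "allUsers", "role": "WRITER"}]},
    {"name": "example-private", "acl": [
        {"entity": "project-owners-123456", "role": "OWNER"}]},
    {"name": "example-ubla",  # no "acl" key: ACLs are not in use
     "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": True}}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_BUCKETS):
        print(finding)
```

Pass the entities that legitimately need write access in `keep` so the remediated ACL preserves them while every other WRITER grant is dropped.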