Triage and Remediation
Remediation
Using Console
To remediate the “Bucket Should Not Allow Global Access” misconfiguration for GCP using the GCP console, follow these steps:
- Go to the GCP console and select the project that contains the bucket with global access.
- Navigate to the Cloud Storage section of the console.
- Find the bucket that is allowing global access and click on its name to open its details page.
- Click on the “Permissions” tab.
- Scroll down to the “Public access prevention” section and click on the “Edit” button.
- In the “Public access prevention” window, select the “Enforced by Bucket Policy” option.
- Click on the “Save” button to apply the changes.
- Next, click on the “Bucket Policy” tab.
- In the bucket policy editor, enter the following JSON code to deny all public access to the bucket:
- Click on the “Save” button to apply the policy.
Using CLI
To remediate the “Bucket Should Not Allow Global Access” misconfiguration in GCP using the GCP CLI, follow these steps:
- Open the Google Cloud Console and navigate to the Cloud Shell.
- Run the following command to list all the buckets in your project:
- Identify the bucket that has global access enabled.
- Run the following command to remove the public access from the bucket:
  Replace [BUCKET_NAME] with the name of the bucket that you identified in step 3.
- Run the following command to verify that the public access has been removed:
  This command will display the IAM policy for the bucket. Verify that the “allUsers” entity no longer has the “roles/storage.objectViewer” role.
- Repeat steps 3 to 5 for all the buckets in your project that have global access enabled.
Using Python
To remediate the “Bucket Should Not Allow Global Access” misconfiguration in GCP using Python, follow these steps:
- Step 1: Install and import the required libraries
- Step 2: Authenticate with GCP using service account credentials
- Step 3: Get the bucket object that you want to remediate
- Step 4: Set the bucket’s IAM policy to deny all public access
- Step 5: Verify that the bucket’s IAM policy has been updated to deny all public access
By following these steps, you can remediate the “Bucket Should Not Allow Global Access” misconfiguration in GCP using Python.
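The Python steps above, worked through as an added example (not code from the original page). It assumes the google-cloud-storage client library; the helper names `strip_public_members` and `remediate_bucket` and the sample bindings are constructed for illustration. It goes slightly beyond the page by also removing `allAuthenticatedUsers`, which grants global access in the same way as `allUsers`.

```python
"""Remove public principals from a Cloud Storage bucket's IAM policy."""
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample bindings, shaped like google-cloud-storage's policy.bindings.
SAMPLE_BINDINGS = [
    {"role": "roles/storage.objectViewer", "members": {"allUsers"}},
    {"role": "roles/storage.objectAdmin",
     "members": {"user:admin@example.com", "allAuthenticatedUsers"}},
    {"role": "roles/storage.legacyBucketReader", "members": {"group:ops@example.com"}},
]


def strip_public_members(bindings):
    """Return (cleaned_bindings, removed); removed is a list of (role, member)."""
    cleaned, removed = [], []
    for binding in bindings:
        members = set(binding.get("members", ()))
        removed += [(binding["role"], m) for m in sorted(members & PUBLIC_MEMBERS)]
        remaining = members - PUBLIC_MEMBERS
        if remaining:  # drop bindings left with no members
            cleaned.append({**binding, "members": remaining})  # keeps any condition
    return cleaned, removed


def remediate_bucket(bucket_name, key_path=None):
    """Steps 2-5: authenticate, fetch the policy, strip public members, verify."""
    from google.cloud import storage  # Step 1: pip install google-cloud-storage

    client = (storage.Client.from_service_account_json(key_path)
              if key_path else storage.Client())  # falls back to default credentials
    bucket = client.bucket(bucket_name)
    policy = bucket.get_iam_policy(requested_policy_version=3)
    cleaned, removed = strip_public_members(policy.bindings)
    if removed:
        policy.bindings = cleaned
        bucket.set_iam_policy(policy)
    # Re-read the policy to confirm no public principal remains.
    after = bucket.get_iam_policy(requested_policy_version=3)
    still_public = strip_public_members(after.bindings)[1]
    return removed, not still_public


if __name__ == "__main__":
    cleaned, removed = strip_public_members(SAMPLE_BINDINGS)
    print("removed:", removed)
    print("remaining roles:", [b["role"] for b in cleaned])
```

`remediate_bucket` returns the removed (role, member) pairs and a boolean that is true only when the re-read policy contains no public principal, so the return value can feed a ticket or audit log directly.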