More Info:
Ensure that Cloud Storage buckets have uniform bucket-level access enabled
Risk Level: Low
Address: Security
Compliance Standards: CISGCP, CBP, HIPAA, ISO27001, HITRUST, SOC2, NISTCSF, PCIDSS
Triage and Remediation
Remediation
Using Console
To remediate the “Buckets Should Have Uniform Access” misconfiguration in GCP using the GCP console, follow these steps:
- Open the GCP console and navigate to the Cloud Storage section.
- Select the bucket that you want to remediate.
- Click on the “Edit bucket permissions” button.
- Under the “Bucket Policy Only” section, select “Uniform” access.
- Click on the “Save” button to apply the changes.
Using CLI
To remediate the “Buckets Should Have Uniform Access” misconfiguration for GCP using GCP CLI, follow these steps:
- Open the Google Cloud Console and go to the Cloud Shell.
- Run the following command to list all the buckets in your project:
- Identify the bucket that has non-uniform access.
- Run the following command to enable uniform access for the identified bucket:
  Replace [BUCKET_NAME] with the name of the identified bucket.
- Verify that uniform access has been enabled for the bucket by running the following command:
  Replace [BUCKET_NAME] with the name of the identified bucket. The output should show that uniform access is enabled for the bucket.
- Repeat the above steps for any other buckets that have non-uniform access.
Using Python
To remediate the “Buckets Should Have Uniform Access” misconfiguration in GCP using Python, you can follow these steps:
- Install the Google Cloud Storage library for Python using pip:
- Authenticate with your GCP account and project by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your service account key file:
- Use the google-cloud-storage library to get a list of all the buckets in your project:
- For each bucket, check if Uniform Bucket-Level Access is enabled by calling the get_iam_policy method and checking if the uniformBucketLevelAccess key is present in the returned policy:
- After enabling Uniform Bucket-Level Access for all buckets, verify that the misconfiguration has been remediated by checking the IAM policy for each bucket again:
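The Python steps above, as an added example that is not code from the original page: it lists the buckets, reports which ones lack uniform bucket-level access, and with the hypothetical --apply flag enables it and re-reads each bucket to verify. It reads and sets the flag through the bucket's iam_configuration property, which is where google-cloud-storage exposes this setting; the function names and status strings are assumptions of this example.

```python
"""Audit and enable uniform bucket-level access (UBLA) on Cloud Storage buckets."""
import sys


def needs_ubla(bucket):
    """True when UBLA is disabled, i.e. per-object ACLs are still in effect."""
    return not bucket.iam_configuration.uniform_bucket_level_access_enabled


def enforce_ubla(buckets, dry_run=True):
    """Enable UBLA on every bucket that lacks it.

    Returns {bucket_name: status}; status is 'compliant', 'would-enable',
    'enabled' or 'failed: <reason>' (status strings are this example's own).
    """
    report = {}
    for bucket in buckets:
        if not needs_ubla(bucket):
            report[bucket.name] = "compliant"
        elif dry_run:
            report[bucket.name] = "would-enable"
        else:
            try:
                bucket.iam_configuration.uniform_bucket_level_access_enabled = True
                bucket.patch()   # send the changed IAM configuration to the API
                bucket.reload()  # verify against server state, not the local object
                ok = not needs_ubla(bucket)
                report[bucket.name] = "enabled" if ok else "failed: still disabled"
            except Exception as exc:  # e.g. caller lacks storage.buckets.update
                report[bucket.name] = f"failed: {exc}"
    return report


def main(argv):
    # Imported here so the audit logic above can be exercised without the library.
    from google.cloud import storage

    client = storage.Client()  # credentials from GOOGLE_APPLICATION_CREDENTIALS
    # --apply is a hypothetical flag of this example; the default is report-only.
    report = enforce_ubla(client.list_buckets(), dry_run="--apply" not in argv)
    for name, status in sorted(report.items()):
        print(f"{name}\t{status}")
    pending = [s for s in report.values() if s.startswith(("failed", "would-enable"))]
    return 1 if pending else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Once the setting is on, object ACLs are no longer evaluated, so review any access that exists only through ACLs before running with --apply.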