Uniform bucket-level access is disabled Affecting Cloud Storage service in Google

Snyk CCSS

Data / Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CIS-Google CSA-CCM HIPAA ISO-27001 SOC-2

Snyk ID SNYK-CC-00369
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Uniform bucket-level access disables ACLs so that only Cloud IAM is used for permissions. This ensures that bucket-level and/or project-level permissions will be the same as object-level permissions.

How to fix?

Set uniform_bucket_level_access attribute to true.

Example Configuration

resource "google_storage_bucket" "default" {
  name = "valid-uniform-access"
  force_destroy = true
  uniform_bucket_level_access = true
}

Terraform

Resource: google_storage_bucket

References

Uniform bucket-level access