CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, Network, etc.
Google Cloud Storage (GCS) provides automatic encryption at rest, ensuring the security of your data. By default, GCS encrypts your stored information using robust encryption mechanisms without any extra configuration. Additionally, you have the option to enhance security further by implementing Customer-Managed Encryption Keys with GCS.
Set the encryption.default_kms_key_name option in the storage bucket configuration.
data "google_project" "project" {}

# Customer-managed key used as the bucket's default encryption key
resource "google_kms_crypto_key" "my-key" {
  name     = "crypto-key-example-11"
  key_ring = "projects/test-project/locations/us-central1/keyRings/keyring-example-714"
  purpose  = "ENCRYPT_DECRYPT"
}

# Service account that Cloud Storage uses to call KMS for this project
data "google_storage_project_service_account" "gcs_account" {
}

# Allow that service account to encrypt and decrypt with the key
resource "google_kms_crypto_key_iam_binding" "binding" {
  crypto_key_id = google_kms_crypto_key.my-key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  members = [
    "serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}",
  ]
}

# Bucket whose objects are encrypted with the customer-managed key by default
resource "google_storage_bucket" "allowed" {
  name          = "storage-buck-rule-722"
  location      = "us-central1"
  force_destroy = true
  encryption {
    default_kms_key_name = google_kms_crypto_key.my-key.id
  }
  # The IAM binding must exist before the bucket can use the key
  depends_on = [google_kms_crypto_key_iam_binding.binding]
}
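One way to check this setting before apply, as an added example that is not part of the original page or the scanner's own code: it reads the `resource_changes` section of `terraform show -json` output and classifies each bucket, including the case above where the key is created in the same plan and its id is only known after apply. The sample plan, the bucket addresses other than `allowed`, and the status labels are constructed for illustration.

```python
# Constructed sample shaped like `terraform show -json plan.out` output,
# reduced to the fields this check reads. Names and key path are made up.
KEY = ("projects/test-project/locations/us-central1/keyRings/"
       "keyring-example-714/cryptoKeys/crypto-key-example-11")
SAMPLE_PLAN = {"resource_changes": [
    # Key passed as a literal string: value is known at plan time.
    {"address": "google_storage_bucket.literal", "type": "google_storage_bucket",
     "change": {"actions": ["create"],
                "after": {"encryption": [{"default_kms_key_name": KEY}]},
                "after_unknown": {"encryption": [{}]}}},
    # Key created in the same plan: value is "(known after apply)".
    {"address": "google_storage_bucket.allowed", "type": "google_storage_bucket",
     "change": {"actions": ["create"],
                "after": {"encryption": [{}]},
                "after_unknown": {"encryption": [{"default_kms_key_name": True}]}}},
    # No encryption block: Google-managed keys only.
    {"address": "google_storage_bucket.plain", "type": "google_storage_bucket",
     "change": {"actions": ["create"],
                "after": {"encryption": []}, "after_unknown": {"encryption": []}}},
    # Bucket being destroyed: nothing left to check.
    {"address": "google_storage_bucket.old", "type": "google_storage_bucket",
     "change": {"actions": ["delete"], "after": None, "after_unknown": {}}},
]}

def cmek_status(change):
    """Classify one bucket change: 'cmek', 'cmek-pending' or 'default-only'."""
    after = change.get("after") or {}
    if any(b.get("default_kms_key_name") for b in after.get("encryption") or []):
        return "cmek"
    # A key that does not exist yet is absent from "after" and flagged here.
    pending = (change.get("after_unknown") or {}).get("encryption")
    if pending is True or any(
            isinstance(b, dict) and b.get("default_kms_key_name") is True
            for b in (pending if isinstance(pending, list) else [])):
        return "cmek-pending"
    return "default-only"

def audit(plan):
    """Map each planned google_storage_bucket address to its CMEK status."""
    return {rc["address"]: cmek_status(rc["change"])
            for rc in plan.get("resource_changes", [])
            if rc.get("type") == "google_storage_bucket"
            and rc.get("change", {}).get("after") is not None}

if __name__ == "__main__":
    for address, status in audit(SAMPLE_PLAN).items():
        print(f"{status:13} {address}")
```

A `default-only` result is the case this rule flags; `cmek-pending` means the key is set but its id cannot be validated until the key resource exists.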