Ensure Alibaba Cloud OSS bucket is not public
Error: Alibaba Cloud OSS bucket is public
Bridgecrew Policy ID: BC_ALI_GENERAL_5
Checkov Check ID: CKV_ALI_1
Severity: LOW
Description
This policy identifies Object Storage Service (OSS) buckets that are publicly accessible. Alibaba Cloud OSS allows customers to store and retrieve any type of content from anywhere on the web. Customers often have legitimate reasons to expose an OSS bucket to the public, for example to host website content. However, these buckets frequently contain highly sensitive enterprise data which, if left open to the public, may result in sensitive data leaks.
Fix - Runtime
Alibaba Cloud Portal
- Log in to the Alibaba Cloud Portal
- Go to Object Storage Service
- In the left-side navigation pane, click the reported bucket
- In the 'Basic Settings' tab, in the 'Access Control List (ACL)' section, click 'Configure'
- For the 'Bucket ACL' field, choose the 'Private' option
- Click 'Save'
Fix - Buildtime
Terraform
resource "alicloud_oss_bucket" "good-bucket" {
  bucket = "bucket-1732-acl"
  acl    = "private"
}
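To show how a buildtime check of this kind evaluates a bucket's acl, here is an added Python example (not Checkov's own implementation) that scans a constructed Terraform snippet containing the compliant bucket above plus a public bucket, a bucket with no acl, and one whose acl is a variable. It assumes an unset acl falls back to the service default of private and reports non-literal acl values as UNKNOWN rather than silently passing them.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample .tf content (not from the page), covering the cases the check must handle.
SAMPLE_TF = '''
resource "alicloud_oss_bucket" "good-bucket" {
  bucket = "bucket-1732-acl"
  acl    = "private"
}

resource "alicloud_oss_bucket" "site" {
  bucket = "example-website"
  acl    = "public-read"
}

resource "alicloud_oss_bucket" "default-acl" {
  bucket = "example-default"
}

resource "alicloud_oss_bucket" "from-var" {
  bucket = "example-var"
  acl    = var.bucket_acl
}
'''

# Matches each alicloud_oss_bucket resource block and captures its name and body.
BLOCK_RE = re.compile(r'resource\s+"alicloud_oss_bucket"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
# Captures the raw right-hand side of an acl assignment inside a block body.
ACL_RE = re.compile(r'^\s*acl\s*=\s*(\S+)', re.M)


def parse_oss_buckets(tf_text: str) -> Dict[str, Optional[str]]:
    """Map each alicloud_oss_bucket resource name to its raw acl value (None if unset)."""
    buckets: Dict[str, Optional[str]] = {}
    for name, body in BLOCK_RE.findall(tf_text):
        m = ACL_RE.search(body)
        buckets[name] = m.group(1) if m else None
    return buckets


def check_bucket_acl(raw_acl: Optional[str]) -> str:
    """Return PASSED, FAILED or UNKNOWN for one bucket, following the CKV_ALI_1 intent."""
    if raw_acl is None:
        return "PASSED"  # assumption: unset acl uses the OSS default of "private"
    if raw_acl.startswith('"') and raw_acl.endswith('"'):
        return "PASSED" if raw_acl[1:-1] == "private" else "FAILED"
    return "UNKNOWN"  # variable or expression: cannot be decided statically here


def scan(tf_text: str) -> List[Tuple[str, str]]:
    """Evaluate every OSS bucket in the file and return (resource address, result) pairs."""
    return [(f"alicloud_oss_bucket.{name}", check_bucket_acl(acl))
            for name, acl in parse_oss_buckets(tf_text).items()]
```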