Ensure OCI Object Storage is not Public

Error: OCI Object Storage bucket is publicly accessible
Bridgecrew Policy ID: BC_OCI_STORAGE_6
Checkov Check ID: CKV_OCI_10
Severity: HIGH

OCI Object Storage bucket is publicly accessible

Description

This policy identifies OCI Object Storage buckets that are publicly accessible. Monitoring and alerting on publicly accessible buckets helps identify changes to the security posture and thus reduces the risk of sensitive data being leaked. It is recommended that no bucket be publicly accessible.

Fix - Runtime

OCI Console

  1. Log in to the OCI Console.
  2. Type the resource reported in the alert into the Search box at the top of the Console.
  3. Click the resource reported in the alert in the Resources submenu.
  4. Click Edit Visibility.
  5. Select Visibility as Private.
  6. Click Save Changes.

Fix - Buildtime

Terraform

  • Resource: oci_objectstorage_bucket
  • Arguments: access_type

resource "oci_objectstorage_bucket" "pass2" {
...
  # NoPublicAccess blocks anonymous reads; ObjectRead or ObjectReadWithoutList would make the bucket public
  access_type = "NoPublicAccess"
...
}
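The condition behind CKV_OCI_10, written out in Python as an added example (not Checkov's own source) that evaluates parsed `oci_objectstorage_bucket` attributes. It assumes a bucket that omits `access_type` keeps the OCI provider's default of `NoPublicAccess`, and the sample buckets are constructed for illustration.

```python
"""Evaluate oci_objectstorage_bucket attributes for public access.

Added example mirroring the CKV_OCI_10 condition; not Checkov's code.
"""

# access_type values that expose bucket objects to anonymous readers.
PUBLIC_ACCESS_TYPES = {"ObjectRead", "ObjectReadWithoutList"}

# Assumption: an omitted access_type falls back to the provider default.
DEFAULT_ACCESS_TYPE = "NoPublicAccess"


def bucket_is_public(attrs):
    """Return True when the parsed bucket attributes allow public reads."""
    access_type = attrs.get("access_type", DEFAULT_ACCESS_TYPE)
    return access_type in PUBLIC_ACCESS_TYPES


def evaluate(buckets):
    """Map each bucket name to a Checkov-style PASSED/FAILED result."""
    return {
        name: ("FAILED" if bucket_is_public(attrs) else "PASSED")
        for name, attrs in buckets.items()
    }


# Constructed sample resources as a Terraform parser would expose them.
SAMPLE_BUCKETS = {
    "public_read": {"name": "reports", "access_type": "ObjectRead"},
    "public_no_list": {"name": "images", "access_type": "ObjectReadWithoutList"},
    "explicit_private": {"name": "backups", "access_type": "NoPublicAccess"},
    "default_private": {"name": "logs"},  # access_type omitted
}

if __name__ == "__main__":
    for bucket, result in evaluate(SAMPLE_BUCKETS).items():
        print(f"CKV_OCI_10 {bucket}: {result}")
```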