Ensure the Spaces bucket is private
Description
This policy checks whether a DigitalOcean Spaces bucket has public read access enabled. Public read access allows anyone to access the data stored in the bucket, which can lead to data breaches and unauthorized access. It is essential to restrict access to sensitive data to prevent potential security risks. By ensuring the bucket is private, you can control who has access to the data and reduce the risk of data exposure.
Code Example
```terraform
resource "digitalocean_spaces_bucket" "example" {
  name = "example-bucket" # placeholder name
  acl  = "private"
}
```
Remediation
Ensure the Spaces bucket does not allow public read access by setting the ACL to 'private'.
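One way to apply the same check to a rendered plan before `terraform apply`, as an added example rather than Checkov's or the rule author's code: it walks the `planned_values` tree of `terraform show -json` output, including child modules, and reports every `digitalocean_spaces_bucket` whose ACL is not `private`. The plan document and bucket names are constructed, and treating an unset `acl` as private is an assumption.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "digitalocean_spaces_bucket.logs", "type": "digitalocean_spaces_bucket",
     "values": {"name": "example-logs", "acl": "private"}},
    {"address": "digitalocean_spaces_bucket.assets", "type": "digitalocean_spaces_bucket",
     "values": {"name": "example-assets", "acl": "public-read"}},
    {"address": "digitalocean_spaces_bucket.defaulted", "type": "digitalocean_spaces_bucket",
     "values": {"name": "example-defaulted", "acl": null}}],
  "child_modules": [{"address": "module.site", "resources": [
    {"address": "module.site.digitalocean_spaces_bucket.www", "type": "digitalocean_spaces_bucket",
     "values": {"name": "example-www", "acl": "public-read"}}]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def public_spaces_buckets(plan):
    """Return (address, acl) for each Spaces bucket whose planned ACL is not private."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "digitalocean_spaces_bucket":
            continue
        # Assumption: an unset (null) acl is treated as private and passes.
        acl = (res.get("values") or {}).get("acl") or "private"
        if acl != "private":
            findings.append((res["address"], acl))
    return findings


if __name__ == "__main__":
    for address, acl in public_spaces_buckets(SAMPLE_PLAN):
        print(f"FAIL {address}: acl={acl}")
```

Returning the findings as a list lets a CI step fail the pipeline when it is non-empty.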
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0832 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | digitalocean_spaces_bucket |
| Checkov ID | CKV_DIO_3 |