OCI Object Storage bucket is publicly accessible
Description
This policy identifies OCI Object Storage buckets that are publicly accessible, that is, buckets whose access type is ObjectRead or ObjectReadWithoutList rather than NoPublicAccess. A public bucket lets anyone on the internet read its objects without authenticating (and, with ObjectRead, list them). Monitoring and alerting on publicly accessible buckets helps identify changes to the security posture and reduces the risk of sensitive data being leaked. It is recommended that no bucket be publicly accessible.
Code Example
```hcl
resource "oci_objectstorage_bucket" "pass2" {
  ...
  # Compliant: no anonymous access; readers need an IAM grant.
  access_type = "NoPublicAccess"
  ...
}
```
Remediation
OCI Console
1. Log in to the OCI Console.
2. Type the resource reported in the alert into the Search box at the top of the Console.
3. Click the resource reported in the alert in the Resources submenu.
4. Click Edit Visibility.
5. Select Private as the visibility.
6. Click Save Changes.

Fix - Buildtime
Terraform
- Resource: oci_objectstorage_bucket
- Arguments: access_type (set to "NoPublicAccess")
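The following is an added example, not code from the original page or from the Checkov check itself. It places a bucket that fails this policy next to one that passes, so the two access_type settings can be compared side by side. The compartment OCID, namespace and bucket names are placeholders supplied through variables.

```hcl
# Added example, not part of the original policy page or of Checkov.
# Compartment OCID, namespace and bucket names are placeholders.

variable "compartment_id" {
  description = "OCID of the compartment that owns the buckets (placeholder)"
  type        = string
}

variable "namespace" {
  description = "Object Storage namespace of the tenancy (placeholder)"
  type        = string
}

# FAILS this policy: ObjectRead allows anonymous read and list of every
# object in the bucket. ObjectReadWithoutList is also public; it only
# withholds the listing, so anyone who knows an object name can fetch it.
resource "oci_objectstorage_bucket" "public_fail" {
  compartment_id = var.compartment_id
  namespace      = var.namespace
  name           = "public-reports"
  access_type    = "ObjectRead"
}

# PASSES: no anonymous access. Readers need an IAM policy granting object
# read in this compartment, or a pre-authenticated request for one object.
resource "oci_objectstorage_bucket" "private_pass" {
  compartment_id = var.compartment_id
  namespace      = var.namespace
  name           = "private-reports"
  access_type    = "NoPublicAccess"
}
```

Omitting access_type also yields a private bucket, since the OCI service defaults to NoPublicAccess; the explicit value is still worth setting so that a later edit to the argument shows up as a diff in review. To exercise only this rule against a directory of Terraform, run `checkov -d . --check CKV_OCI_10`; the first resource above is reported as failed and the second as passed.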
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1237 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OCI_10 |