Ensure storage bucket does not have public access permissions.
Description
This policy checks whether public access is enabled on a Yandex Cloud Object Storage bucket declared with the `yandex_storage_bucket` Terraform resource. A publicly readable bucket exposes every object in it to anonymous download; a publicly writable one additionally lets anyone upload, overwrite, or delete objects, which can have severe security and compliance consequences. Access to a bucket should be restricted to the identities and services that need it. The rule inspects two attributes of the resource: the `acl` argument, where the canned ACLs `public-read` and `public-read-write` grant anonymous access, and any `grant` block whose `type` is `Group` and whose `uri` names the AllUsers group (`http://acs.amazonaws.com/groups/global/AllUsers`, the same URI scheme the S3-compatible API uses). Two caveats for practitioners: `authenticated-read` and a grant to the AuthenticatedUsers group give read access to any authenticated Yandex Cloud account, not only accounts in your own cloud, so they should be treated as public as well; and the separate `anonymous_access_flags` block (`read`, `list`, `config_read`) can open a bucket anonymously without touching the ACL, so a `private` ACL alone does not prove the bucket is closed.
Code Example
```terraform
resource "yandex_storage_bucket" "example" {
  # The "private" canned ACL grants access only to the bucket owner.
  acl = "private"
}
```
Remediation
Ensure the bucket does not allow public access: set `acl` to `private` (or leave it unset, which defaults to private) and remove any `grant` block that targets the AllUsers or AuthenticatedUsers group. Grants to a specific `CanonicalUser` id are fine. Also confirm that no `anonymous_access_flags` block enables `read`, `list`, or `config_read`; that mechanism is outside the `acl`/`grant` attributes this rule inspects, so it will not be flagged here.
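The check below is an added example, not Checkov's own implementation of CKV_YC_17 and not part of the original page. It applies the logic the description gives (inspect `acl` and `grant`) to a resource configuration in the dict shape that Checkov hands to resource checks, where scalar attribute values are wrapped in a one-element list and nested blocks are lists of dicts; that shape, the sample configurations, and the hypothetical function names are assumptions. It deliberately goes beyond the rule as described in two places, both marked in the code: it treats `authenticated-read` / AuthenticatedUsers as public, and it also looks at `anonymous_access_flags`.

```python
"""Public-access check for yandex_storage_bucket resource configurations.

Added example, not Checkov's code. Input is a resource conf dict in the
shape Checkov passes to scan_resource_conf (assumed): scalar values are
one-element lists, nested blocks are lists of dicts.
"""
from __future__ import annotations

# Canned ACLs that grant anonymous (unauthenticated) access.
PUBLIC_ACLS = {"public-read", "public-read-write"}
# Grants READ to any authenticated Yandex Cloud account, not only accounts in
# your cloud. Treating it as public is stricter than the rule as described.
AUTHENTICATED_ACLS = {"authenticated-read"}

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUP_URIS = {ALL_USERS, AUTHENTICATED_USERS}


def _first(value):
    """Unwrap the one-element list used for scalar attributes."""
    if isinstance(value, list):
        return value[0] if value else None
    return value


def public_access_findings(conf: dict) -> list[str]:
    """Return the reasons a bucket is public; an empty list means compliant."""
    findings: list[str] = []

    # 1. Canned ACL.
    acl = _first(conf.get("acl"))
    if acl in PUBLIC_ACLS:
        findings.append(f"acl={acl!r} grants anonymous access")
    elif acl in AUTHENTICATED_ACLS:
        findings.append(f"acl={acl!r} grants READ to any authenticated Yandex Cloud user")

    # 2. Explicit grant blocks. Only Group grants can be public; a
    #    CanonicalUser grant targets one specific account id.
    for grant in conf.get("grant") or []:
        if _first(grant.get("type")) != "Group":
            continue
        uri = _first(grant.get("uri"))
        if uri in PUBLIC_GROUP_URIS:
            perms = _first(grant.get("permissions")) or []
            group = "AllUsers" if uri == ALL_USERS else "AuthenticatedUsers"
            findings.append(f"grant gives {','.join(perms) or 'unspecified'} to {group}")

    # 3. anonymous_access_flags: a separate mechanism the described rule
    #    does not inspect; included here because it opens the bucket
    #    regardless of the ACL.
    for flags in conf.get("anonymous_access_flags") or []:
        enabled = [k for k in ("read", "list", "config_read") if _first(flags.get(k)) is True]
        if enabled:
            findings.append("anonymous_access_flags enables " + ", ".join(enabled))

    return findings


def check(conf: dict) -> str:
    """Checkov-style verdict for one resource configuration."""
    return "FAILED" if public_access_findings(conf) else "PASSED"


# Constructed sample configurations (not taken from any real environment).
SAMPLES = {
    "private": {"bucket": ["logs"], "acl": ["private"]},
    "public_read": {"bucket": ["site"], "acl": ["public-read"]},
    "grant_all_users": {
        "bucket": ["shared"],
        "grant": [{"type": ["Group"], "uri": [ALL_USERS], "permissions": [["READ"]]}],
    },
    "grant_specific_user": {
        "bucket": ["team"],
        "grant": [{"type": ["CanonicalUser"], "id": ["aje0000000000000000a"],
                   "permissions": [["FULL_CONTROL"]]}],
    },
    "anonymous_flags": {
        "bucket": ["assets"],
        "acl": ["private"],
        "anonymous_access_flags": [{"read": [True], "list": [False]}],
    },
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(f"{name:20s} {check(conf):6s} {public_access_findings(conf)}")
```

Running the block prints one verdict per sample: only `private` and `grant_specific_user` pass. The `anonymous_flags` sample fails here even though its ACL is `private`, which is exactly the gap a reviewer should keep in mind when this rule alone reports a bucket as compliant.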
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1350 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | yandex_storage_bucket |
| Checkov ID | CKV_YC_17 |