Control: GCP > CIS v1 > 5 Storage > 5.03 Ensure that logging is enabled for Cloud storage buckets (Scored)

Configures auditing against a CIS Benchmark item.

Level: 1 (Scored)

Storage Access Logging generates a log that contains access records for each request made to the Storage bucket. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed. Cloud Storage offers access logs and storage logs in the form of CSV files that can be downloaded and used for analysis/incident response. Access logs provide information for all of the requests made on a specified bucket and are created hourly, while the daily storage logs provide information about the storage consumption of that bucket for the last day. The access logs and storage logs are automatically created as new objects in a bucket that you specify. An access log record contains details about the request, such as the request type, the resources specified in the request worked, and the time and date the request was processed. While storage Logs helps to keep track the amount of data stored in the bucket. It is recommended that storage Access Logs and Storage logs are enabled for every Storage Bucket.

Resource Types

This control targets the following resource types:

GCP > Storage > Bucket

Policies

This control type relies on these other policies when running actions:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-cisv1#/control/types/r0503

Category URI

tmod:@turbot/cis#/control/categories/v070602

GraphQL

query controlType(id: "tmod:@turbot/gcp-cisv1#/control/types/r0503") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-cisv1#/control/types/r0503'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv1#/control/types/r0503"