Resource Type: GCP > Storage > Bucket

Resource Context

Bucket is a part of the Storage service.

Each Bucket lives under a Region.

Controls

The primary controls for GCP > Storage > Bucket are:

• Access Control
• Active
• Approved
• CMDB
• Discovery
• Encryption at Rest
• Intelligent Assessment
• Labels
• Policy
• Usage
• Versioning

It is also targeted by these controls:

• GCP > CIS v1 > 5 Storage > 5.01 Ensure that Cloud Storage bucket is not anonymously or publicly accessible (Scored)
• GCP > CIS v1 > 5 Storage > 5.03 Ensure that logging is enabled for Cloud storage buckets (Scored)
• GCP > CIS v2.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
• GCP > CIS v2.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
• GCP > CIS v2.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
• GCP > CIS v3.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
• GCP > CIS v3.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
• GCP > CIS v3.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
• GCP > CIS v4.0 > 2 - Logging and Monitoring > 2.03 - Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
• GCP > CIS v4.0 > 5 - Storage > 5.01 - Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible
• GCP > CIS v4.0 > 5 - Storage > 5.02 - Ensure That Cloud Storage Buckets Have Uniform Bucket-Level Access Enabled
• GCP > Storage > Object > Discovery

Quick Actions

• Delete
• Router
• Set Fine-grained Access Control
• Set Labels
• Set Trusted Access
• Set Uniform Access Control
• Set Versioning
• Update Access Control
• Update Encryption At Rest

Category

• Storage > Container

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/gcp-storage#/resource/types/bucket

Category URI

tmod:@turbot/turbot#/resource/categories/storageContainer

GraphQL

query resource(id: "tmod:@turbot/gcp-storage#/resource/types/bucket") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/gcp-storage#/resource/types/bucket'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/gcp-storage#/resource/types/bucket"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/gcp-storage#/resource/types/bucket';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/gcp-storage#/resource/types/bucket"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/gcp-storage#/resource/types/bucket' and notification_type in ('resource_updated', 'resource_created');