Policy Settings
The GCP CIS v2.0.0 - Section 5 - Storage policy pack has 9 policy settings:
| Policy | Setting | Note |
|---|---|---|
| GCP > Storage > Bucket > Access Control | Check: Uniform | GCP CIS v2.0.0 - Control: 5.2 |
| GCP > Storage > Bucket > Policy > Trusted Access | Check: Trusted Access > * | GCP CIS v2.0.0 - Control: 5.1 |
| GCP > Storage > Bucket > Policy > Trusted Access > All Authenticated | Do not allow allAuthenticatedUsers | GCP CIS v2.0.0 - Control: 5.1 |
| GCP > Storage > Bucket > Policy > Trusted Access > All Users | Do not allow allUsers | GCP CIS v2.0.0 - Control: 5.1 |
| GCP > Storage > Bucket > Policy > Trusted Access > Domains | - "example.com" - "example-dev.org" | GCP CIS v2.0.0 - Control: 5.1 |
| GCP > Storage > Bucket > Policy > Trusted Access > Groups | - "notification@example.com" - "email@example.com" | GCP CIS v2.0.0 - Control: 5.1 |
| GCP > Storage > Bucket > Policy > Trusted Access > Projects | - "dev-aaa" - "dev-aab" | GCP CIS v2.0.0 - Control: 5.1 |
| GCP > Storage > Bucket > Policy > Trusted Access > Service Accounts | - "project-owner@dev-aaa.iam.gserviceaccount.com" - "project-operator@dev-aaa.iam.gserviceaccount.com" | GCP CIS v2.0.0 - Control: 5.1 |
| GCP > Storage > Bucket > Policy > Trusted Access > Users | - "acme@example.com" - "johndoe@example.com" | GCP CIS v2.0.0 - Control: 5.1 |