gcp.bucket

Filters

• event

• reduce

• value

Actions

• notify

• post-finding

• set-uniform-access

• webhook

set-uniform-access

Uniform access disables object ACLs on a bucket.

Enabling this means only bucket policies (and organization bucket policies) govern access to a bucket.

When enabled, users can only specify bucket level IAM policies and not Object level ACL’s.

Example Policy:

policies:
 - name: enforce-uniform-bucket-level-access
   resource: gcp.bucket
   filters:
    - iamConfiguration.uniformBucketLevelAccess.enable: false
   actions:
    - type: set-uniform-access
      # The following is also the default
      state: true

properties:
  state:
    type: boolean
  type:
    enum:
    - set-uniform-access
required:
- type

Permissions - storage.buckets.update