How to resolve Sprnito check for enabling uniform bucket level access on GCP Cloud Storage Buckets

About

Sprinto check: GCP Cloud Storage should be uniform bucket level access enabled

Cloud storage buckets in services like Google Cloud Platform (GCP) offer various mechanisms for managing access permissions to stored data. One crucial aspect is ensuring uniformity and simplicity in granting access to these resources. The Sprinto check focuses on verifying whether uniform bucket-level access is enabled for Cloud Storage buckets, streamlining access management, and enhancing security.

Purpose

It is recommended to use uniform bucket-level access to unify and simplify how you grant access to your Cloud Storage resources. Cloud Storage offers two systems for granting users permission: Cloud Identity and Access Management (Cloud IAM) and Access Control Lists (ACLs). While both systems can grant access, using uniform bucket-level access ensures that access to Cloud Storage resources is exclusively managed through Cloud IAM, enhancing consistency and security.

Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either. It also revokes access from users who gain their access solely through object ACLs, reducing the potential for misconfigurations and unauthorized access.

How to resolve this check

Follow the below steps to resolve this check:

1. Log in to the GCP Console using your credentials.

2. Open the Cloud Storage Browser.

3. Select your the bucket from the list to configure bucket-level access.

4. Select the Permission tab at the top of the page.

5. Click Edit for “This bucket uses fine-grained access control…” text box.

6. Select Uniform on the pop-up box, and click Save to save the changes.

Sprinto detects the configuration change, and set the check status to “Passing.”

Contact Sprinto support if you have any queries related to the check or need assistance.