Object Storage buckets should not be publicly accessible

Description

To prevent unauthorized access to sensitive data, Oracle Cloud Infrastructure (OCI) Object Storage buckets should not be configured with public read access. By default, OCI Object Storage buckets are created with private access, but users with sufficient permissions can enable public access at the bucket level. Public access can lead to accidental data exposure, data breaches, and compliance violations.

This rule checks the public_access_type configuration of OCI buckets and fails when buckets are configured with:

  • ObjectRead - Allows public read access to all objects in the bucket
  • ObjectReadWithoutList - Allows public read access to objects when the exact object name is known
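
The check described above, written as an added example (not the rule's own implementation). It assumes bucket records are exported as a JSON array and that the setting may appear under the key spellings of the Python SDK, the OCI CLI or the REST API; the bucket names and the "review" status for unrecognised values are constructed for illustration.

```python
import json

# Values the rule treats as public, and the value it treats as private.
PUBLIC = {"ObjectRead", "ObjectReadWithoutList"}
PRIVATE = "NoPublicAccess"
# Assumption: the same setting appears under these key spellings depending on
# whether the record came from the Python SDK, the OCI CLI or the REST API.
KEYS = ("public_access_type", "public-access-type", "publicAccessType")


def evaluate_bucket(bucket):
    """Return (status, reason) for one bucket record (a dict)."""
    value = next((bucket[k] for k in KEYS if bucket.get(k) is not None), None)
    if value is None:
        return "pass", "public_access_type not configured (defaults to private)"
    if value == PRIVATE:
        return "pass", "public_access_type is NoPublicAccess"
    if value in PUBLIC:
        return "fail", f"public_access_type is {value}"
    # Unrecognised value: do not assume it is private.
    return "review", f"unrecognised public_access_type {value!r}"


def audit(inventory_json):
    """Evaluate every bucket in a JSON array and return non-passing findings."""
    findings = []
    for bucket in json.loads(inventory_json):
        status, reason = evaluate_bucket(bucket)
        if status != "pass":
            findings.append({"bucket": bucket.get("name", "<unnamed>"),
                             "status": status, "reason": reason})
    return findings


# Constructed sample inventory (not real buckets).
SAMPLE = """[
  {"name": "app-logs", "public_access_type": "NoPublicAccess"},
  {"name": "static-site", "public_access_type": "ObjectRead"},
  {"name": "partner-drop", "public-access-type": "ObjectReadWithoutList"},
  {"name": "scratch"},
  {"name": "legacy", "publicAccessType": "objectread"}
]"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['status'].upper():6} {f['bucket']}: {f['reason']}")
```
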

Remediation

To secure your OCI Object Storage bucket, ensure that the public_access_type is set to NoPublicAccess or is not configured (defaults to private). For guidance on configuring Object Storage bucket visibility, refer to the Securing Object Storage section of the Oracle Cloud Infrastructure Documentation.