Object Storage buckets should not be publicly accessible

Description

To prevent unauthorized access to sensitive data, Oracle Cloud Infrastructure (OCI) Object Storage buckets should not be configured with public read access. By default, OCI Object Storage buckets are created with private access, but users with sufficient permissions can enable public access at the bucket level. Public access can lead to accidental data exposure, data breaches, and compliance violations.

This rule checks the public_access_type configuration of OCI buckets and fails when buckets are configured with:

  • ObjectRead - Allows public read access to all objects in the bucket
  • ObjectReadWithoutList - Allows public read access to objects when the exact object name is known

Remediation

To secure your OCI Object Storage bucket, ensure that the public_access_type is set to NoPublicAccess or is not configured (defaults to private). For guidance on configuring Object Storage bucket visibility, refer to the Securing Object Storage section of the Oracle Cloud Infrastructure Documentation.
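The check and the remediation target described above, as an added example (not code from the rule or from Oracle). It evaluates an offline bucket inventory; the record shape (dicts with name and public_access_type), the sample bucket names, and the "review" status for unrecognized values are assumptions of this example.

```python
import json

# Values the rule fails on, with the exposure each one creates (per the rule text).
PUBLIC_VALUES = {
    "ObjectRead": "public read access to all objects in the bucket",
    "ObjectReadWithoutList": "public read access to objects when the exact object name is known",
}
PRIVATE_VALUE = "NoPublicAccess"


def evaluate_bucket(bucket):
    """Return (status, reason) for one bucket record."""
    value = bucket.get("public_access_type")
    # Not configured defaults to private, so a missing key passes.
    if value is None or value == PRIVATE_VALUE:
        return "pass", "private (NoPublicAccess or not configured)"
    if value in PUBLIC_VALUES:
        return "fail", f"{value}: {PUBLIC_VALUES[value]}"
    # Assumption of this example: anything unrecognized is surfaced, not passed.
    return "review", f"unrecognized public_access_type {value!r}"


def audit(inventory_json):
    """Return one finding per bucket that does not pass."""
    findings = []
    for bucket in json.loads(inventory_json):
        status, reason = evaluate_bucket(bucket)
        if status != "pass":
            findings.append({"bucket": bucket["name"], "status": status, "reason": reason})
    return findings


# Constructed sample inventory; bucket names are hypothetical.
SAMPLE_INVENTORY = json.dumps([
    {"name": "app-logs", "public_access_type": "NoPublicAccess"},
    {"name": "static-assets", "public_access_type": "ObjectRead"},
    {"name": "shared-downloads", "public_access_type": "ObjectReadWithoutList"},
    {"name": "backups"},  # public_access_type not configured
    {"name": "legacy", "public_access_type": "objectread"},  # wrong case
])

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(f'{finding["status"].upper():6} {finding["bucket"]}: {finding["reason"]}')
```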