- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
It is recommended that IAM policies on Cloud Storage buckets do not allow anonymous or public access.
With anonymous or public access, anyone has permission to access bucket content. Such access might not be desired if you are storing sensitive data, so ensure that anonymous or public access to a bucket is not allowed.
To implement access restrictions on buckets, configuring Bucket IAM is preferred over configuring Bucket ACL. In the GCP console, the Edit Permissions button for a bucket exposes IAM configurations only. Bucket ACLs are configured to automatically implement and support user-enforced Bucket IAM policies. If an administrator changes a Bucket ACL using command-line gsutils or the API, the associated bucket IAM policy is also updated automatically.
Storage buckets are not publicly accessible. You have to explicitly administer bucket access.
You can prevent Storage buckets from becoming publicly accessible by setting up the Domain restricted sharing
organization policy at:
https://console.cloud.google.com/iam-admin/orgpolicies/iam-allowedPolicyMemberDomains
By default, Storage buckets are not publicly accessible.
Storage browser
at https://console.cloud.google.com/storage/browser.Bucket details
page.Permissions
tab.Delete
button in front of allUsers
and allAuthenticatedUsers
to remove that particular role assignment.Remove allUsers
and allAuthenticatedUsers
access.
gsutil iam ch -d allUsers gs://BUCKET_NAME
gsutil iam ch -d allAuthenticatedUsers gs://BUCKET_NAME