Google Cloud Storage bucket can be accessed by any user

Description

A misconfigured Google Cloud Storage bucket IAM policy allows any unauthenticated user access to a storage bucket.

IAM policies are the primary mechanism for controlling access to storage buckets. Publicly exposed buckets frequently lead to data breaches, either by exposing sensitive data to anyone on the internet or by allowing an external user to write files into your bucket.

Remediation

  1. Identify the IAM policy assigned to the Cloud Storage bucket.
  2. Identify baseline permissions of the Cloud Storage bucket using Policy Analyzer.
  3. Scope the Cloud Storage bucket policy to grant only the required permissions and principals using Policy Simulator. For further guidance, refer to Public access prevention.
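The following is an added example, not part of this rule description or any Google or Datadog tooling. It shows the check behind step 1 in code: given the bucket IAM policy as JSON (the shape returned by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json` or `gsutil iam get gs://BUCKET`, both assumed here rather than executed), it flags every binding that grants a role to the special principals `allUsers` or `allAuthenticatedUsers`, and produces a copy of the policy with those public members removed so the result can be reviewed before it is applied. The sample policy below is constructed for illustration.

```python
import json
from copy import deepcopy

# Principals that make a binding reachable by anyone (allUsers) or by any
# Google account holder (allAuthenticatedUsers). Both count as "public".
PUBLIC_MEMBERS = frozenset({"allUsers", "allAuthenticatedUsers"})

# Constructed sample bucket IAM policy; the viewer role on allUsers is the
# misconfiguration this rule detects. Not taken from a real bucket.
SAMPLE_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/storage.admin",
     "members": ["user:owner@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers", "serviceAccount:app@example.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectCreator",
     "members": ["allAuthenticatedUsers"]}
  ],
  "etag": "CAE=",
  "version": 1
}
"""


def public_bindings(policy: dict) -> list[tuple[str, str]]:
    """Return (role, member) pairs that grant access to a public principal."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((binding["role"], member))
    return findings


def strip_public_members(policy: dict) -> dict:
    """Return a copy of the policy with public principals removed.

    Bindings left with no members are dropped entirely; every other
    binding, the etag and the version are preserved so the hardened policy
    can be diffed against the original and then applied as a whole.
    """
    hardened = deepcopy(policy)
    kept = []
    for binding in hardened.get("bindings", []):
        binding["members"] = [m for m in binding.get("members", [])
                              if m not in PUBLIC_MEMBERS]
        if binding["members"]:
            kept.append(binding)
    hardened["bindings"] = kept
    return hardened


def is_public(policy: dict) -> bool:
    """True if any binding is reachable by allUsers/allAuthenticatedUsers."""
    return bool(public_bindings(policy))


if __name__ == "__main__":
    policy = json.loads(SAMPLE_POLICY_JSON)
    for role, member in public_bindings(policy):
        print(f"PUBLIC: {member} has {role}")
    print(json.dumps(strip_public_members(policy), indent=2))
```

The hardened policy is only a proposal: in practice it should be run through Policy Analyzer and Policy Simulator (steps 2 and 3) before being set on the bucket, and enabling public access prevention on the bucket or project blocks these principals regardless of what the bindings say.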