OSS Bucket Public Access Enabled

  • Query id: 62232513-b16f-4010-83d7-51d0e1d45426
  • Query name: OSS Bucket Public Access Enabled
  • Platform: Terraform
  • Severity: High
  • Category: Access Control
  • URL: Github

Description

OSS buckets should not grant public access through their ACL. An acl of "public-read" lets anyone list and read the bucket's objects and "public-read-write" additionally lets anyone upload, overwrite or delete them. Set acl = "private", or omit the argument, since the alicloud provider defaults a new bucket's ACL to private; the query flags any alicloud_oss_bucket whose acl is "public-read" or "public-read-write".

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "alicloud_oss_bucket" "bucket_public_access_enabled2" {
  bucket = "bucket-170309-acl"
  acl    = "public-read"
}

Positive test num. 2 - tf file

resource "alicloud_oss_bucket" "bucket_public_access_enabled3" {
  bucket = "bucket-170309-acl"
  acl    = "public-read-write"
}

resource "alicloud_oss_bucket" "bucket-logging" {
  bucket = "bucket-170309-logging"

  logging {
    target_bucket = alicloud_oss_bucket.bucket-target.id
    target_prefix = "log/"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "alicloud_oss_bucket" "bucket_public_access_enabled1" {
  bucket = "bucket-170309-acl"
  acl    = "private"
}

Negative test num. 2 - tf file

resource "alicloud_oss_bucket" "bucket_public_access_enabled4" {
  bucket = "bucket-170309-acl"
}
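The rule these samples exercise, applied by a small added Python checker that is not part of KICS (the real query is written in Rego): it extracts every alicloud_oss_bucket block, treats a missing acl as the provider default "private" (as negative test 2 relies on), and reports the buckets whose ACL is public. The Terraform text is constructed from the samples above and includes the nested logging block so the brace matching is exercised.

```python
import re

# Constructed Terraform text modelled on the samples above; the nested
# logging block is there to show the brace matching copes with it.
SAMPLE_TF = '''
resource "alicloud_oss_bucket" "public_read" {
  bucket = "bucket-170309-acl"
  acl    = "public-read"
}
resource "alicloud_oss_bucket" "bucket-logging" {
  bucket = "bucket-170309-logging"
  logging {
    target_bucket = alicloud_oss_bucket.bucket-target.id
    target_prefix = "log/"
  }
}
resource "alicloud_oss_bucket" "explicit_private" {
  bucket = "bucket-170309-acl"
  acl    = "private"
}
'''
PUBLIC_ACLS = {"public-read", "public-read-write"}
HEADER_RE = re.compile(r'resource\s+"alicloud_oss_bucket"\s+"([^"]+)"\s*\{')
ACL_RE = re.compile(r'^\s*acl\s*=\s*"([^"]*)"', re.M)

def _block_body(text, open_pos):
    """Text between the '{' at open_pos and its matching '}' (nested-aware)."""
    depth = 0
    for i in range(open_pos, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_pos + 1:i]
    raise ValueError("unbalanced braces in Terraform text")

def bucket_acls(tf_text):
    """Map resource name -> acl; a missing acl is the provider default, private."""
    acls = {}
    for m in HEADER_RE.finditer(tf_text):
        body = _block_body(tf_text, m.end() - 1)   # m.end() - 1 is the '{'
        acl = ACL_RE.search(body)
        acls[m.group(1)] = acl.group(1) if acl else "private"
    return acls

def find_public_buckets(tf_text):
    """Sorted names of alicloud_oss_bucket resources with a public ACL."""
    return sorted(n for n, a in bucket_acls(tf_text).items() if a in PUBLIC_ACLS)
```

find_public_buckets(SAMPLE_TF) returns ['public_read']; the logging bucket and the explicitly private one are not reported.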