DeepSource
Dashboard Resources Pricing Discover Directory Log in

Run your first analysis.

Find thousands of code security and quality issues in your codebase, before they end up in production.

Start now
Terraform

Terraform

By DeepSource

Use Analyzer

GCP cloud storage bucket with uniform bucket-level access are disabled TF-S2029

Security

For a user to access a Cloud Storage resource, only one of the systems needs to grant the user permission. Cloud IAM is used throughout Google Cloud and allows you to grant various permissions at bucket and project levels. ACLs have limited permission options, are used only by Cloud Storage, and will enable you to grant permissions on a per-object basis.

Cloud Storage has uniform bucket-level access that supports a uniform permission system. Using this feature disables ACLs for all Cloud Storage resources and guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible.

It is recommended to enable uniform bucket-level access on Cloud Storage buckets. Uniform bucket-level access is used to unify and simplify how you grant access to your Cloud Storage resources.

Recommended

resource "google_storage_bucket" "recommended" {
    name     = "store_bucket"
    bucket_policy_only = true
    uniform_bucket_level_access = true
}