By DeepSource

GCP cloud storage bucket with uniform bucket-level access are disabled TF-S2029


For a user to access a Cloud Storage resource, only one of the systems needs to grant the user permission. Cloud IAM is used throughout Google Cloud and allows you to grant various permissions at bucket and project levels. ACLs have limited permission options, are used only by Cloud Storage, and will enable you to grant permissions on a per-object basis.

Cloud Storage has uniform bucket-level access that supports a uniform permission system. Using this feature disables ACLs for all Cloud Storage resources and guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible.

It is recommended to enable uniform bucket-level access on Cloud Storage buckets. Uniform bucket-level access is used to unify and simplify how you grant access to your Cloud Storage resources.


resource "google_storage_bucket" "recommended" {
    name     = "store_bucket"
    bucket_policy_only = true
    uniform_bucket_level_access = true