OBS Bucket Policies Do Not Allow Blacklisted Actions
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
obs-bucket-blacklisted-actions-prohibited |
|
Identifier |
obs-bucket-blacklisted-actions-prohibited |
|
Description |
If an OBS bucket has a policy that allows blacklisted actions for principals from other accounts, this bucket is non-compliant. |
|
Tag |
obs, access-analyzer-verified |
|
Trigger Type |
Configuration change |
|
Filter Type |
obs.buckets |
|
Rule Parameters |
blockedActionsPatterns: Blacklisted actions. |
Application Scenarios
A bucket policy applies to the configured OBS bucket and objects in the bucket. You can use bucket policies to control the access of IAM users or other account to your OBS buckets. You are advised to apply the principle of least privilege to ensure that a bucket policy only grants necessary permissions for certain tasks.
Solution
Modify policies of non-compliant buckets with the visual editor or the JSON view to block the blacklisted actions.
Rule Logic
- If an OBS bucket does not have a policy that allows blacklisted actions for principals from other accounts, this bucket is compliant.
- If an OBS bucket has a policy that allows blacklisted actions for principals from other accounts, this bucket is non-compliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
