Storage Bucket Does Not Have Access And Storage Logging Enabled

This policy checks that each Storage Bucket has access logs and storage logs enabled in its configuration.

Policy Details

Policy Subtype: Run, Build
Severity: Medium
Template Type: Terraform

Build Rules

Storage Bucket does not have Access and Storage Logging enabled.
JSON Query:
$.resource[*].google_storage_bucket exists and ($.resource[*].google_storage_bucket.*[*].*.logging anyNull or $.resource[*].google_storage_bucket.*[*].*.logging[*].log_bucket anyEmpty)
Recommendation:
Recommended solution: enable Access and Storage Logging for GCP Storage Buckets.
Ensure that Access and Storage Logging is enabled for GCP Storage Buckets. Please make sure the template has "enable_https_traffic_only" set as "true".
For example:
"google_storage_bucket": [ { "<storage_bucket_name>": [ { "logging": [ { "log_bucket": "log_a" } ], "name": "a" } ] } ]
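The build rule above is a path query over the Terraform template in its list-nested JSON form; as an added example (not Prisma Cloud's own evaluator), the following Python walks that same structure, reports each bucket that trips either branch of the query (logging block missing, or log_bucket empty), and shows the remediation the recommendation asks for by attaching a logging block. The template layout and the bucket and log-bucket names are constructed for this example.

```python
"""Evaluate 'Storage Bucket does not have Access and Storage Logging enabled'
against a Terraform template converted to the list-nested JSON form shown
on this page: $.resource[*].google_storage_bucket.*[*].*.logging[*].log_bucket
"""
import copy


def _bucket_bodies(template):
    """Yield (resource_name, body) for every google_storage_bucket block."""
    for res in template.get("resource", []):
        for block in res.get("google_storage_bucket", []):
            for name, bodies in block.items():
                for body in bodies:
                    yield name, body


def bucket_logging_findings(template):
    """Return (bucket_name, reason) for each bucket that fails the policy."""
    findings = []
    for name, body in _bucket_bodies(template):
        logging = body.get("logging")
        if not logging:  # matches `logging anyNull` in the JSON query
            findings.append((name, "logging block missing"))
            continue
        for entry in logging:
            if not entry.get("log_bucket"):  # matches `log_bucket anyEmpty`
                findings.append((name, "log_bucket is empty"))
    return findings


def policy_violated(template):
    """Mirror the query: a bucket resource exists AND (anyNull OR anyEmpty)."""
    return bool(bucket_logging_findings(template))


def remediate(template, log_bucket):
    """Return a copy in which every non-compliant bucket logs to `log_bucket`."""
    fixed = copy.deepcopy(template)
    for _, body in _bucket_bodies(fixed):
        if not body.get("logging") or not all(e.get("log_bucket") for e in body["logging"]):
            body["logging"] = [{"log_bucket": log_bucket}]
    return fixed


# Constructed sample: one compliant bucket, one without a logging block,
# and one whose logging block names no destination bucket.
SAMPLE_TEMPLATE = {
    "resource": [{"google_storage_bucket": [
        {"data_bucket": [{"name": "a", "logging": [{"log_bucket": "log_a"}]}]},
        {"no_logging": [{"name": "b"}]},
        {"empty_target": [{"name": "c", "logging": [{"log_bucket": ""}]}]},
    ]}]
}
```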

Run Rule Recommendation

Follow the steps in the link below to enable Access and Storage logs using gsutil or the JSON API.

Compliance

There are 12 standards that are applicable to this policy:
  • PIPEDA
  • NIST CSF
  • NIST 800-53 Rev4
  • ISO 27001:2013
  • HIPAA
  • GDPR
  • CIS v1.0.0 (GCP)
  • SOC 2
  • MITRE ATT&CK [Beta]
  • PCI DSS v3.2
  • CCPA 2018
  • CSA CCM v3.0.1
