Risk Level: Low
Cloud Entity: Storage Bucket
CloudGuard Rule ID: D9.GCP.LOG.01
Covered by Spectral: Yes
Category: Storage

GSL LOGIC

StorageBucket should have logging

REMEDIATION

From Command Line
In order to enable usage logs you should:

Create a bucket to store the logs:

gsutil mb gs://Bucket_for_logs_storing

Grant it with 'roles/storage.legacyBucketWriter' permissions:

gsutil iam ch group:cloud-storage-analytics@google.com:legacyBucketWriter gs://`<Bucket for logs storing>`

Enable usage logging to your desired logs:

gsutil logging set on -b gs://`<Bucket for logs storing>` gs://`<Bucket to log>`

References

Storage Bucket

Buckets are the basic containers that hold your data. Everything that you store in Cloud Storage must be contained in a bucket. You can use buckets to organize your data and control access to your data, but unlike directories and folders, you cannot nest buckets. Because there are limits to bucket creation and deletion, you should design your storage applications to favor intensive object operations and relatively few buckets operations.

Compliance Frameworks

CloudGuard GCP All Rules Ruleset
GCP CIS Foundations v. 1.0.0
GCP CSA CCM v.3.0.1
GCP CloudGuard Best Practices
GCP CloudGuard CheckUp
GCP GDPR Readiness
GCP HIPAA
GCP ISO 27001:2013
GCP LGPD regulation
GCP MITRE ATT&CK Framework v12.1
GCP NIST 800-53 Rev 4
GCP NIST 800-53 Rev 5
GCP NIST CSF v1.1
GCP PCI-DSS 3.2
GCP PCI-DSS 4.0