Ensure Alibaba Cloud OSS Bucket is Not Accessible To Public
ActionTrail logs a record of every API call made in your Alibaba Cloud account. These logs file are stored in an OSS bucket. It is recommended that the access control list (ACL) of the OSS bucket, which ActionTrail logs to, shall prevent public access to the ActionTrail logs
Risk Level: high
Platform: Alicloud
Spectral Rule ID: TFALCLD002
REMEDIATION
set oss_bucket_name
to 'private'
- acl = "public-read"
+ acl = "private"
Read more:
Updated over 1 year ago