Ensure Alibaba Cloud OSS Bucket is Not Accessible To Public

ActionTrail logs a record of every API call made in your Alibaba Cloud account. These log files are stored in an OSS bucket. The access control list (ACL) of the OSS bucket that ActionTrail logs to should prevent public access to the ActionTrail logs.
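One way to check a Terraform configuration for this condition, as an added example that is not Spectral's own rule code. It assumes the alicloud provider resources alicloud_oss_bucket (with an inline acl attribute) and alicloud_actiontrail_trail (with oss_bucket_name); the sample configuration and its names are constructed.

```python
import re

PUBLIC_ACLS = {"public-read", "public-read-write"}

# Constructed sample configuration (bucket and trail names are made up).
SAMPLE_TF = '''
resource "alicloud_oss_bucket" "trail_logs" {
  bucket = "example-actiontrail-logs"
  acl    = "public-read"
}

resource "alicloud_oss_bucket" "site" {
  bucket = "example-static-site"
  acl    = "public-read"
}

resource "alicloud_actiontrail_trail" "default" {
  trail_name      = "example-trail"
  oss_bucket_name = alicloud_oss_bucket.trail_logs.bucket
}
'''

BLOCK = re.compile(r'resource\s+"(\w+)"\s+"(\w+)"\s*\{(.*?)^\}', re.S | re.M)
ATTR = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$', re.M)
REF = re.compile(r'alicloud_oss_bucket\.(\w+)\.(?:bucket|id)')

def parse_resources(tf):
    """Map (type, name) -> {attribute: value} for top-level resource blocks."""
    return {(rtype, name): {k: v.strip('"') for k, v in ATTR.findall(body)}
            for rtype, name, body in BLOCK.findall(tf)}

def public_trail_buckets(tf):
    """Return (trail, bucket resource, acl) for each trail logging to a public bucket."""
    res = parse_resources(tf)
    buckets = {n: a for (t, n), a in res.items() if t == "alicloud_oss_bucket"}
    findings = []
    for (rtype, trail), attrs in res.items():
        if rtype != "alicloud_actiontrail_trail":
            continue
        target = attrs.get("oss_bucket_name", "")
        ref = REF.fullmatch(target)
        for bname, battrs in buckets.items():
            # Match either a Terraform reference or a literal bucket name.
            linked = bool(ref and ref.group(1) == bname) or battrs.get("bucket") == target
            # An omitted acl is treated as private, the OSS default.
            if linked and battrs.get("acl", "private") in PUBLIC_ACLS:
                findings.append((trail, bname, battrs["acl"]))
    return findings

if __name__ == "__main__":
    for trail, bucket, acl in public_trail_buckets(SAMPLE_TF):
        print(f"TFALCLD002: trail {trail} logs to bucket {bucket} with acl={acl}")
```

Only the bucket a trail actually writes to is reported, so the public "site" bucket in the sample is not flagged by this check.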

Risk Level: high
Platform: Alicloud
Spectral Rule ID: TFALCLD002

REMEDIATION

Set the ACL of the OSS bucket named in oss_bucket_name to 'private':

- acl           = "public-read"
+ acl           = "private"
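
Review bot: the changed acl line has no enclosing resource line as context, so a reader cannot tell from the hunk which bucket is being edited. Show the resource block header above the changed line and state that it must be the bucket the trail's oss_bucket_name points to.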
