Ensure OSS Bucket Public Access is Disabled

Access control lists (ACLs) control access to Object Storage Service (OSS) buckets and to the objects stored in them. When a request is sent to access data stored in OSS, OSS checks the ACL of the data and verifies whether the requester has the required permissions. You can configure the ACL of a bucket when you create the bucket, and you can modify the ACL of an existing bucket based on your requirements. Only the owner of a bucket can configure or modify the ACL of the bucket.

Risk Level: high
Platform: Alicloud
Spectral Rule ID: TFALCLD021
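
A check of this kind can be sketched as follows. This is an added example, not Spectral's rule implementation: it assumes the bucket is declared as a Terraform `alicloud_oss_bucket` resource with a literal `acl` value, and the helper names are hypothetical.

```python
import re

# OSS bucket ACLs are private, public-read and public-read-write; the last two allow anonymous access.
PUBLIC_ACLS = {"public-read", "public-read-write"}
RESOURCE_RE = re.compile(r'resource\s+"alicloud_oss_bucket"\s+"([^"]+)"\s*\{')
ACL_RE = re.compile(r'^\s*acl\s*=\s*"([^"]*)"', re.MULTILINE)

def block_body(text, open_brace):
    """Return the text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    return text[open_brace + 1:]  # unterminated block: scan to end of input

def find_public_buckets(hcl):
    """Return [(resource_name, acl)] for buckets whose literal acl is public."""
    findings = []
    for m in RESOURCE_RE.finditer(hcl):
        body = block_body(hcl, m.end() - 1)  # m.end() - 1 is the opening brace
        acl = ACL_RE.search(body)
        # An omitted acl is not flagged: OSS buckets default to private.
        if acl and acl.group(1) in PUBLIC_ACLS:
            findings.append((m.group(1), acl.group(1)))
    return findings

# Constructed sample input (hypothetical bucket names, not from the page).
SAMPLE = '''
resource "alicloud_oss_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}
resource "alicloud_oss_bucket" "backups" {
  bucket = "example-backups"
  acl    = "private"
}
resource "alicloud_oss_bucket" "uploads" {
  bucket = "example-uploads"
  acl    = "public-read-write"
}
'''

if __name__ == "__main__":
    for name, acl in find_public_buckets(SAMPLE):
        print(f"{name}: acl = {acl!r}, set it to 'private'")
```

An `acl` supplied through a variable or module is not resolved by this sketch and needs to be checked against the planned values instead.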

REMEDIATION

Set acl to 'private'.

- acl     = "public-read"
+ acl     = "private"
