turbot/steampipe-mod-ibm-compliance

Control: 2.1.5 Disable public (anonymous) access to IBM Cloud Object Storage buckets

Description

You can disable public (anonymous) access to IBM Cloud Object Storage buckets.

Remediation

From Console

To disable public access for buckets, complete the following steps:

  1. Log in to IBM Cloud.
  2. From the Menu bar, click Manage > Access (IAM).
  3. Click Access groups.
  4. Click Public Access to see a list of all public access policies currently in use.
  5. Find the policy that corresponds to the bucket that you want to return to enforced access control.
  6. From the list of actions, select Remove.
  7. Confirm that you want to remove the policy. The policy is removed from the bucket.

Usage

Run the control in your terminal:

powerpipe control run ibm_compliance.control.cis_v100_2_1_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_2_1_5 --share

SQL

This control uses a named query:

with account_public_access as (
  select
    name,
    id,
    account_id,
    count(*) as public_access_grp_no
  from
    ibm_iam_access_group
  where name = 'Public Access'
  group by name, id, account_id
)
select
  id as resource,
  case
    when name is null then 'ok'
    else 'alarm'
  end as status,
  case
    when name is null then 'No public access group configured in account.'
    else name || ' group configured in account.'
  end as reason,
  account_id
from
  account_public_access;
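
The query above, run over constructed rows as an added example (not part of the mod). It assumes Python's built-in sqlite3 as a stand-in for the Steampipe database, a table holding only the three columns the query reads, and placeholder IDs. It shows that the query emits an alarm row when a Public Access group exists and no row at all when none exists, so an empty result, not an 'ok' row, is what the absence of the group looks like.

```python
import sqlite3

# The named query from the page, unchanged apart from whitespace.
CONTROL_QUERY = """
with account_public_access as (
  select name, id, account_id, count(*) as public_access_grp_no
  from ibm_iam_access_group
  where name = 'Public Access'
  group by name, id, account_id
)
select
  id as resource,
  case when name is null then 'ok' else 'alarm' end as status,
  case
    when name is null then 'No public access group configured in account.'
    else name || ' group configured in account.'
  end as reason,
  account_id
from account_public_access;
"""


def run_control(access_groups):
    """Run the control query over constructed (name, id, account_id) rows."""
    db = sqlite3.connect(":memory:")
    # Assumption: only the columns the query reads; the real table has more.
    db.execute(
        "create table ibm_iam_access_group (name text, id text, account_id text)"
    )
    db.executemany("insert into ibm_iam_access_group values (?, ?, ?)", access_groups)
    rows = db.execute(CONTROL_QUERY).fetchall()
    db.close()
    return rows


# Constructed sample data: group IDs and the account ID are placeholders.
WITH_PUBLIC = [
    ("Public Access", "AccessGroupId-EXAMPLE-PUBLIC", "acct-0001"),
    ("Auditors", "AccessGroupId-EXAMPLE-AUDIT", "acct-0001"),
]
WITHOUT_PUBLIC = [("Auditors", "AccessGroupId-EXAMPLE-AUDIT", "acct-0001")]

if __name__ == "__main__":
    print(run_control(WITH_PUBLIC))     # one 'alarm' row for the group
    print(run_control(WITHOUT_PUBLIC))  # empty list: no 'ok' row is emitted
```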

Tags