To investigate and remediate the issue of public access to Cloud Storage buckets, you can follow these steps:
Change Bucket Permissions:
Navigate to the Cloud Storage section in the Google Cloud Console.
For each affected bucket, remove any public access permissions (e.g., removing allUsers or allAuthenticatedUsers from the IAM policy).
Ensure that only authorized users have the necessary permissions to access the buckets.
Query Data Access Audit Logs:
Go to the Logging section in the Google Cloud Console.
Query the audit logs for the affected buckets to identify any unauthorized access. You can use filters to search for access by unauthorized users.
Correct the Misconfiguration:
After correcting the permissions, mute the relevant findings in the Security Command Center to indicate that the issue has been resolved.
This helps in maintaining a clear view of ongoing security issues and ensures the findings are not flagged again unless there's a new occurrence.
By following these steps, you ensure that the buckets are no longer publicly accessible, investigate any potential unauthorized access, and update the Security Command Center status to reflect the resolution of the issue.
Cloud Storage IAM Permissions
Viewing Audit Logs
Security Command Center Documentation
