OCI-013 Oracle Cloud Infrastructure (OCI)

No Object Storage bucket has public access.

No Object Storage bucket has public access.

Domain
Oracle Cloud Infrastructure (OCI)
Area
Object Storage
Automated / manual
Automated

Risk if it fails

Public buckets leak data.

A bucket set to public publishes its files to the open internet, where anyone — and every search engine — can find and download them.

How Tess tests it

1 test — each concludes only on cited evidence.

No Object Storage bucket has public access.

Automated
Procedure
List buckets and confirm public-access-type is NoPublicAccess.

Read-only command 

for b in $(oci os bucket list --compartment-id <compartment-ocid> --query 'data[].name' --raw-output); do oci os bucket get --bucket-name $b --query 'data.{name:name,access:"public-access-type"}'; done

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-003 A strong password policy is configured. OCI-004 Membership of the Administrators group is minimal.

Want Tess to test OCI-013 against your evidence?

Book a demo