ASSOCIATED DRATA CONTROL
This test is part of the Cloud Data Storage Restricted control that ensures read/write access to cloud data storage is configured to restrict public access.
WHAT TO DO IF A TEST FAILS
If Drata finds that you have one or more publicly exposed cloud data stores, the test will fail. With a failed test, you will receive a list of the cloud data store names that are publicly exposed.
To remediate a failed test, update your access configuration(s) to block public access to the exposed cloud data stores.
STEPS FOR PASSING
To ensure a validated state when testing that restricted access has been applied to cloud data storage, please follow the steps listed in the table below. Once the provider steps have been completed, navigate back to Drata and execute the test.
Provider / Technology | Provider Steps |
AWS - S3 | New bucket creation
Edit existing bucket
NOTE: Currently the account-level setting for "block public access" is not supported. |
Azure - Storage Accounts |
To verify the container's public access level:
To verify the Network Access level, go to the storage account and click Networking in the left menu:
Note: the following container and storage account levels will pass the test successfully:
|
DigitalOcean - Spaces |
When connecting DigitalOcean within Drata, please follow the "connect with spaces" flow. |
GCP - Storage |
|
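A pre-check for the AWS - S3 row above, as an added example that is not Drata's code or test logic: it reads bucket-level Block Public Access settings, lists the buckets that still need the change, and builds the AWS CLI command for each. It assumes all four settings are expected on every bucket, ignores the account-level setting as the NOTE describes, and uses constructed bucket names.

```python
import shlex

# The four S3 Block Public Access settings, as returned by
# `aws s3api get-public-access-block --bucket NAME`.
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
         "BlockPublicPolicy", "RestrictPublicBuckets")

def missing_flags(config):
    """Return the Block Public Access flags that are not enabled.

    `config` is the bucket's PublicAccessBlockConfiguration dict, or None
    when the bucket has no bucket-level configuration at all.
    """
    config = config or {}
    return [f for f in FLAGS if config.get(f) is not True]

def audit(buckets):
    """Map each bucket that still needs remediation to its missing flags."""
    findings = {}
    for name, config in sorted(buckets.items()):
        gaps = missing_flags(config)
        if gaps:
            findings[name] = gaps
    return findings

def remediation_command(bucket):
    """Build the AWS CLI call that enables all four flags on one bucket."""
    settings = ",".join(f"{f}=true" for f in FLAGS)
    return ("aws s3api put-public-access-block "
            f"--bucket {shlex.quote(bucket)} "
            f"--public-access-block-configuration {settings}")

# Constructed sample data (assumption), not real buckets.
SAMPLE = {
    "example-logs": {f: True for f in FLAGS},
    "example-assets": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                       "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    # No bucket-level configuration: relies on the account-level setting only.
    "example-backups": None,
}

if __name__ == "__main__":
    for bucket, gaps in audit(SAMPLE).items():
        print(f"{bucket}: missing {', '.join(gaps)}")
        print("  " + remediation_command(bucket))
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws s3api get-public-access-block` for each bucket, using `None` where the call reports that no configuration exists.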
HELPFUL RESOURCES