Review Project-Wide Bucket Access Control
In this guide you’ll see how a single Policy Pack can govern all resources across a project.
This is the fifth guide in the Getting started with GCP series.
Prerequisites
Completion of the previous guides in this series.
Access to the Guardrails console with administrative privileges.
Step 1: Open the Controls by State report
Navigate back to the Controls by State report (or use your saved bookmark), expand the Type dropdown, and search for gcp storage bucket access control. Enable the checkbox next to GCP > Storage > Bucket > Access Control to set the filter.
Step 2: Filter on controls for bucket access control
Your test bucket is in the Alarm (red) state: out of policy. Other buckets in the project, if created with the default uniform access, are in the OK (green) state: in policy.
Step 3: Create test GCP buckets
Return to the GCP console and (as you did in the Observe Resource Activity guide) create three new buckets with access control set to Fine-grained. For the example, we will create the following new buckets:
- guardrails_bucket_example_02
- guardrails_bucket_example_03
- guardrails_bucket_example_04
Keep your names similar and consistent so you can easily filter and see all your test buckets together.
Step 4: View newly created buckets
As you create the new buckets, Guardrails detects them and evaluates their configuration relative to your policies. By changing our search string we can see all buckets at the same time.
The new buckets are in the Alarm state because, as with the first one, you set access control to Fine-grained. The current policy requires all buckets to have uniform access enabled.
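To cross-check the report outside the console, the same rule can be applied to bucket metadata directly. This is an added example, not Guardrails code: the function names are hypothetical, the sample data is constructed in the shape of Cloud Storage JSON API bucket resources, and treating a missing setting as Alarm is an assumption.

```python
import json

# Constructed sample: bucket resources in the shape of the Cloud Storage
# JSON API, trimmed to the fields this check reads.
SAMPLE_BUCKETS = json.loads("""
[
  {"name": "guardrails_bucket_example_02",
   "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": false}}},
  {"name": "guardrails_bucket_example_03",
   "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": false}}},
  {"name": "guardrails_bucket_example_04", "iamConfiguration": {}},
  {"name": "other_default_bucket",
   "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": true}}}
]
""")


def access_control_state(bucket):
    """Return 'OK' when uniform access is enabled, otherwise 'Alarm'.

    Assumption: a missing or malformed setting counts as out of policy
    (fail closed), so only a literal boolean true yields 'OK'.
    """
    iam = bucket.get("iamConfiguration") or {}
    ubla = iam.get("uniformBucketLevelAccess") or {}
    return "OK" if ubla.get("enabled") is True else "Alarm"


def controls_by_state(buckets, name_prefix=""):
    """Group bucket names by state, optionally filtered by a name prefix."""
    report = {"OK": [], "Alarm": []}
    for bucket in buckets:
        name = bucket.get("name", "")
        if name.startswith(name_prefix):
            report[access_control_state(bucket)].append(name)
    for names in report.values():
        names.sort()
    return report


if __name__ == "__main__":
    for state, names in controls_by_state(SAMPLE_BUCKETS).items():
        print(f"{state}: {', '.join(names) or '-'}")
```

Passing a consistent name prefix such as `guardrails_bucket_example_` narrows the result to the test buckets, which is why the guide recommends similar names.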
Step 5: Review
In this guide you created three new GCP buckets and observed how the Policy Pack added at the project level evaluates their governance status.
Next Steps
In the next guide we’ll learn how to create an exception so that a bucket can be exempt from the access control requirement.
Progress tracker
- Prepare a GCP Project for Import to Guardrails
- Connect a GCP Project to Guardrails
- Observe GCP Activity
- Enable Your First Guardrails Policy Pack
- Review Project-Wide Governance
- Create a Static Exception to a Guardrails Policy
- Create a Calculated Exception to a Guardrails GCP Policy
- Send an Alert to Email
- Apply a Quick Action
- Enable Automatic Enforcement