F/GCP-StorageRententaionPolicy (#707)

* F/GCP-StorageRententaionPolicy * F/GCP-StorageRententaionPolicy * Update en/google/storage/storage-bucket-retention-policy.md
aquasecurity · May 28, 2024 · 6988557 · 6988557
1 parent 1cd4fe7
commit 6988557
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -364,6 +364,7 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h
         * [Database SSL Enabled](en/google/sql/database-ssl-enabled.md)
     * Storage
         * [Bucket Logging](en/google/storage/bucket-logging.md)
+        * [Storage Bucket Retention Policy](en/google/storage/storage-bucket-retention-policy.md)
         * [Bucket Versioning](en/google/storage/bucket-versioning.md)
         * [Bucket Lifecycle Configured](en/google/storage/bucket-lifecycle-configured.md)
         * [Storage Bucket All Users Policy](en/google/storage/storage-bucket-all-users-policy.md)

diff --git a/en/google/storage/storage-bucket-retention-policy.md b/en/google/storage/storage-bucket-retention-policy.md
@@ -0,0 +1,24 @@
+[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)
+
+# GOOGLE / Storage / Storage Bucket Retention Policy
+
+## Quick Info
+
+| | |
+|-|-|
+| **Plugin Title** | Storage Bucket Retention Policy |
+| **Cloud** | GOOGLE |
+| **Category** | Storage |
+| **Description** | Ensures bucket retention policy is set and locked to prevent deleting or updating of bucket objects or retention policy. |
+| **More Info** | Configuring retention policy for bucket prevents accidental deletion as well as modification of bucket objects. This retention policy should also be locked to prevent policy deletion. |
+| **GOOGLE Link** | https://cloud.google.com/storage/docs/bucket-lock?_ga=2.221806616.-1645770163.1613190642|
+| **Recommended Action** | Modify bucket to configure retention policy and lock retention policy. |
+
+## Detailed Remediation Steps
+1. Log into the Google Cloud Platform Console.
+2. Scroll down the left navigation panel and choose "Cloud Storage" to select the "Buckets" option. </br> <img src="/resources/google/storage/bucket-retention-policy/step2.png">
+3. On the "Buckets" page, select the bucket which you want to configure by clicking on its name.</br> <img src="/resources/google/storage/bucket-retention-policy/step3.png"/>
+4. Select the "PROTECTION" tab to access the protection configuration defined for selected bucket.</br> <img src="/resources/google/storage/bucket-retention-policy/step4.png"/>
+5. Scroll down to "Bucket retention policy" configuration and click on "SET RETENTION POLICY" to add the retention policy to the selected bucket</br> <img src="/resources/google/storage/bucket-retention-policy/step5.png"/>
+6. A popup panel will appear, select the desired retention period and click on "save" to save the retention policy.</br> <img src="/resources/google/storage/bucket-retention-policy/step6.png"/>
+7. Repeat steps number 4-6 to add retention policy to all other buckets in the project.</br>
diff --git a/resources/google/storage/buclet-retention-policy/step2.png b/resources/google/storage/buclet-retention-policy/step2.png
diff --git a/resources/google/storage/buclet-retention-policy/step3.png b/resources/google/storage/buclet-retention-policy/step3.png
diff --git a/resources/google/storage/buclet-retention-policy/step4.png b/resources/google/storage/buclet-retention-policy/step4.png
diff --git a/resources/google/storage/buclet-retention-policy/step5.png b/resources/google/storage/buclet-retention-policy/step5.png
diff --git a/resources/google/storage/buclet-retention-policy/step6.png b/resources/google/storage/buclet-retention-policy/step6.png