Merge branch 'dev' of github.com:GoogleCloudPlatform/forseti-security…

… into dev
forseti-security · Aug 28, 2018 · 02323bd · 02323bd
2 parents d80d53e + e47b2aa
commit 02323bd
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/rules/iam_rules.yaml b/rules/iam_rules.yaml
@@ -28,6 +28,19 @@ rules:
           - user:*@{DOMAIN}
           - group:*@{DOMAIN}
 
+  - name: Prevent public users from having access to buckets via IAM
+    mode: blacklist
+    resource:
+      - type: bucket
+        applies_to: self
+        resource_ids:
+          - '*'
+    inherit_from_parents: true
+    bindings:
+      - role: '*'
+        members:
+          - allUsers
+
   # Below are the example rules that you can reference to create your own custom rule.
   #- name: Allow only service accounts to have access
   #  mode: whitelist