Google Cloud Storage

Storage Bucket Retention Policy Not Set

Ensures that storage buckets have retention policies configured.

Risk Level: Medium

Description

This plugin ensures that the bucket retention policy is set. Google Cloud Storage lets you add a retention policy to a storage bucket to set a retention period. This ensures that the buckets and the objects in them do not get accidentally deleted until the retention period ends.

About the Service

Google Cloud Storage:

Google Cloud Storage is a service that provides dependable and secure storage classes for any workload, allowing users to select cost-effective storage alternatives based on their requirements. You can effortlessly move data to Cloud Storage and benefit from its strong security and scalability features.

Impact

If a storage bucket does not have a retention policy, the objects in the bucket can be deleted or replaced at any time. This poses a risk because the buckets could be accidentally deleted or modified, resulting in data loss.

Steps to Reproduce

Using GCP Console:

  1. Log in to your GCP Console.
  2. From the top navigation bar, select the GCP project you want to investigate.
  3. From the navigation panel on the left side of the console, go to Cloud Storage and select Browser. You can use this link here to navigate directly if you’re already logged in.
  4. In the list of buckets, check the Protection column to find out which buckets do not have a retention policy configured. If a bucket has a retention policy, its retention period is displayed in this column. If no retention period is shown, the bucket's retention policy has not been set up.
  5. If you have multiple projects, repeat steps 2 to 4 for each project in your GCP Console. 
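
The same check can be scripted across projects. The following is an added example, not code from the original page or from the plugin it describes; it assumes bucket metadata in the shape of the Cloud Storage JSON API bucket resource (`retentionPolicy.retentionPeriod`, `retentionPolicy.isLocked`), and the project IDs, bucket names and function names are constructed for illustration.

```python
# Bucket resources in the shape of the Cloud Storage JSON API (buckets.list):
# a configured policy appears as
#   "retentionPolicy": {"retentionPeriod": "<seconds>", "isLocked": <bool>}
# Constructed sample data; project IDs and bucket names are made up.
SAMPLE_PROJECTS = {
    "example-project-a": [
        {"name": "example-logs",
         "retentionPolicy": {"retentionPeriod": "2592000", "isLocked": True}},
        {"name": "example-uploads"},                          # no policy key
    ],
    "example-project-b": [
        {"name": "example-backups",
         "retentionPolicy": {"retentionPeriod": "86400"}},    # set, not locked
        {"name": "example-scratch", "retentionPolicy": {}},   # empty object
    ],
}


def retention_seconds(bucket):
    """Return the retention period in seconds, or None if no policy is set."""
    policy = bucket.get("retentionPolicy") or {}
    period = policy.get("retentionPeriod")
    if period in (None, ""):
        return None
    seconds = int(period)  # the API encodes this int64 value as a string
    return seconds if seconds > 0 else None


def audit(projects):
    """Check every bucket in every project; return one finding per bucket."""
    findings = []
    for project, buckets in sorted(projects.items()):
        for bucket in buckets:
            seconds = retention_seconds(bucket)
            policy = bucket.get("retentionPolicy") or {}
            findings.append({
                "project": project,
                "bucket": bucket["name"],
                "status": "FAIL" if seconds is None else "PASS",
                "retention_seconds": seconds,
                "locked": bool(policy.get("isLocked")),
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PROJECTS):
        print(f"{f['status']}  {f['project']}/{f['bucket']}  "
              f"period={f['retention_seconds']} locked={f['locked']}")
```

Buckets reported as FAIL correspond to rows in the console's Protection column that show no retention period.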

Steps for Remediation

Determine whether the bucket truly does not require a retention policy. If it does require one, configure it using the steps below.

Using GCP Console:

  1. Log in to your GCP Console.
  2. From the top navigation bar, select the GCP project you want to investigate.
  3. From the navigation panel on the left side of the console, go to Cloud Storage and select Browser. You can use this link here to navigate directly if you’re already logged in.
  4. Select the storage bucket you want to reconfigure from the list of buckets displayed and go to the PROTECTION tab of the selected bucket. (In case you aren’t sure which storage bucket needs to be configured, follow the steps to reproduce listed above to determine which to choose.)
  5. In the Retention policy section, click on the SET RETENTION POLICY button.
  6. In the Set a retention policy dialog box, fill in your desired Retention period and click SAVE.
  7. Repeat steps 4 to 6 for all the buckets you want to reconfigure in the selected project.
  8. If you have multiple projects, repeat steps 2 to 7 for each project in your GCP console.