Skip to content

Prowler Documentation

Bucket logs to itself

prowler-cloud/prowler

Bucket logs to itself

Description

A check to ensure that the specified logging bucket is not itself. A bucket must not log access to itself, logging requires a second separate bucket.

Fix - Buildtime

Terraform

Resource: google_storage_bucket
This check will trigger if you attempt to self reference:

resource "google_storage_bucket" "mylovelybucket" {
  name     = "mylovelybucket"
  location = var.location
  uniform_bucket_level_access = true
  logging {
    log_bucket = "mylovelybucket"
    }
}