Cloud Storage bucket has a sufficient Retention Policy period
cloudstorage_bucket_sufficient_retention_period
Cloud Storage bucket has a bucket-level Retention Policy with a retentionPeriod that meets or exceeds the organization-defined minimum, preventing deletion or modification of objects before the required time.
Risk
Insufficient or missing retention allows premature deletion or modification of objects, weakening data recovery and compliance with retention requirements.
prowler gcp --checks cloudstorage_bucket_sufficient_retention_period
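The comparison this check describes, written out as an added example (not Prowler's own code). It assumes each bucket is given in the shape of the Cloud Storage JSON API bucket resource, where `retentionPolicy.retentionPeriod` is a string of seconds; the bucket names, the sample data and the 90-day default minimum are constructed for illustration.

```python
SECONDS_PER_DAY = 86_400


def evaluate_bucket(bucket: dict, min_days: int) -> dict:
    """Return a PASS/FAIL finding for one bucket resource."""
    name = bucket.get("name", "<unnamed>")
    policy = bucket.get("retentionPolicy") or {}
    raw = policy.get("retentionPeriod")
    if raw is None:
        return {"bucket": name, "status": "FAIL", "seconds": 0,
                "locked": False, "detail": "no bucket-level retention policy"}

    seconds = int(raw)  # the JSON API serialises this int64 as a string
    locked = bool(policy.get("isLocked", False))
    required = min_days * SECONDS_PER_DAY
    # Compare in seconds so a period one second short of the minimum fails.
    if seconds < required:
        status = "FAIL"
        detail = f"retention {seconds}s is below required {required}s"
    else:
        status = "PASS"
        detail = "retention meets minimum"
        if not locked:
            # An unlocked policy can still be shortened or removed.
            detail += " (policy not locked)"
    return {"bucket": name, "status": status, "seconds": seconds,
            "locked": locked, "detail": detail}


def evaluate_buckets(buckets: list, min_days: int = 90) -> list:
    """Evaluate every bucket against the organization-defined minimum."""
    return [evaluate_bucket(b, min_days) for b in buckets]


# Constructed sample input: three hypothetical buckets.
SAMPLE_BUCKETS = [
    {"name": "logs-archive",
     "retentionPolicy": {"retentionPeriod": "31536000", "isLocked": True}},
    {"name": "tmp-exports",
     "retentionPolicy": {"retentionPeriod": "2592000"}},
    {"name": "scratch"},
]

if __name__ == "__main__":
    for finding in evaluate_buckets(SAMPLE_BUCKETS, min_days=90):
        print(f"{finding['status']:4} {finding['bucket']}: {finding['detail']}")
```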
Recommendation
Define and apply a bucket-level Retention Policy that meets your minimum retention requirement (e.g., 90 or 365 days) to enforce data recoverability and compliance.
Remediation
gcloud storage buckets update gs://<BUCKET_NAME> --retention-period=<SECONDS>
- Console → Storage → Buckets → <BUCKET_NAME>
- Tab 'Configuration' → 'Retention policy'
- Set the required retention period (e.g., 90 or 365 days) and save
- (Optional) Lock the policy if required by compliance
Resource Type
storage.googleapis.com/Bucket