By default, when I create a storage bucket (Terraform code here), the following IAM policy is added to it:
```
bindings:
- members:
  - projectEditor:try-buckdef-660n
  - projectOwner:try-buckdef-660n
  role: roles/storage.legacyBucketOwner
- members:
  - projectViewer:try-buckdef-660n
  role: roles/storage.legacyBucketReader
- members:
  - projectEditor:try-buckdef-660n
  - projectOwner:try-buckdef-660n
  role: roles/storage.legacyObjectOwner
- members:
  - projectViewer:try-buckdef-660n
  role: roles/storage.legacyObjectReader
etag: CAE=
```
Is there some way this behaviour can be changed? I don't want bucket content to be readable by all project viewers by default.
I can of course just not assign `role/viewer` to anyone, but I'm still not very happy with this behaviour.
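
An added example, not part of the original post: a small audit helper that lists what the `projectViewer:` convenience member is granted in a bucket policy and builds a copy of the policy without it. It assumes the policy is in the JSON form printed by `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`; the function names and the inline sample (built from the bindings shown in the question) are constructed for illustration.

```python
import copy
import json

# Constructed input: the bindings from the question, in the JSON form printed by
# `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`.
POLICY = {
    "bindings": [
        {"members": ["projectEditor:try-buckdef-660n", "projectOwner:try-buckdef-660n"],
         "role": "roles/storage.legacyBucketOwner"},
        {"members": ["projectViewer:try-buckdef-660n"],
         "role": "roles/storage.legacyBucketReader"},
        {"members": ["projectEditor:try-buckdef-660n", "projectOwner:try-buckdef-660n"],
         "role": "roles/storage.legacyObjectOwner"},
        {"members": ["projectViewer:try-buckdef-660n"],
         "role": "roles/storage.legacyObjectReader"},
    ],
    "etag": "CAE=",
}


def convenience_grants(policy, prefix="projectViewer:"):
    """Return (role, member) pairs granted to members starting with prefix."""
    return [(b["role"], m)
            for b in policy.get("bindings", [])
            for m in b.get("members", [])
            if m.startswith(prefix)]


def strip_members(policy, prefix="projectViewer:"):
    """Return a copy of policy without members starting with prefix.

    Bindings left with no members are dropped. The etag is kept so that a
    later set-iam-policy call is rejected if the policy changed in between.
    """
    cleaned = copy.deepcopy(policy)
    kept = []
    for b in cleaned.get("bindings", []):
        b["members"] = [m for m in b.get("members", []) if not m.startswith(prefix)]
        if b["members"]:
            kept.append(b)
    cleaned["bindings"] = kept
    return cleaned


if __name__ == "__main__":
    for role, member in convenience_grants(POLICY):
        print(f"{member} holds {role}")
    print(json.dumps(strip_members(POLICY), indent=2))
```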