Google Cloud Armor

Protect your services against denial of service and web attacks.

View documentation for this product.

Google Cloud Armor: Defending your services

Google Cloud Armor: Defending your services

When you stand up applications on Google Cloud, you benefit from DDoS and web attack protection at Google-scale. Google Cloud Armor works with our Global Cloud Load Balancing infrastructure and provides always-on attack detection and mitigation so you can run your business without interruption.

Enterprise-grade DDoS defense

Google Cloud Armor works with the Global HTTP(S) Load Balancer to provide built-in defenses against Layer 3 and Layer 4 infrastructure DDoS attacks. Google Cloud Armor benefits from more than a decade of experience protecting the world’s largest internet properties like Google Search, Gmail, and YouTube.

Mitigate OWASP Top 10 risks

Google Cloud Armor offers a flexible rules language to help you customize your defenses and mitigate multivector attacks. It also provides predefined rules to help defend against cross-site scripting (XSS) and SQL injection (SQLi) attacks.

Rich language for custom defense

Google Cloud Armor’s flexible rules language enables you to customize your defenses and mitigate web attacks by deploying custom application firewall rules. With Cloud Armor, users are able to program Google’s edge infrastructure to block unwanted traffic at scale far upstream of their infrastructure.

Partner ecosystem

Google Cloud Armor works with security offerings from security partners, enabling you to build a comprehensive security model for your GCP services.

Features

Pre-defined rules to protect against the web’s most common attacks

Out-of-the-box  rules from the Mod Security Core Rule Set to defend against cross-site scripting (XSS) and SQL injection defense.

Rich Rules Language

Create rules using any combination of L3–L7 parameters and geolocation to protect your deployment with a flexible rules language. Also use predefined rules to defend against cross-site scripting (XSS) and SQL injection defense.

Visibility and monitoring

Easily monitor all of the metrics associated with your security policies in the Stackdriver monitoring dashboard. You can also view suspicious application traffic patterns from Cloud Armor directly in the Cloud Security Command Center dashboard, now in beta.

Logging

Get visibility into Cloud Armor decisions as well as the implicated policies and rules on a per-request basis via Stackdriver Logging.

Preview mode

Deploy Cloud Armor rules in preview mode to understand service access patterns, rule accuracy, and impact on production traffic before enabling active enforcement in your policies and to ensure safe operation of your applications.

Policy framework with rules

Configure one or more security policies with a hierarchy of rules. Apply a policy to one or more services.

IP-based and geo-based access control

Filter your incoming traffic based on IPv4 and IPv6 addresses or CIDRs. Identify and enforce access control based on geographic location of incoming traffic.

Google Cloud Armor is a great example of how Google continues to innovate on its pervasive defense-in-depth security strategy, providing a rich layer of security control that can be managed at the network edge. Thank you, Google!

Matt Hite, Network Engineer, Evernote

Technical resources

Pricing

  Google Cloud Armor Price
Policy Charge $5 per Google Cloud Armor policy per month
Per Rule Charge $1 per rule per policy per month
Incoming Requests Charge* $0.75 per million HTTP(S) requests

*Promotion: Until December 31, 2019, your queries-per-month charges across all projects in a billing account are capped at $500.

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

Google Cloud

Get started

Learn and build

New customers get $300 in free credits to learn and build on Google Cloud for up to 12 months.

Need more help?

Our experts will help you build the right solution or find the right partner for your needs.

A product or feature listed on this page is in beta. For more information on our product launch stages, see here.