Google Cloud Armor: Defending your services
When you stand up applications on Google Cloud, you benefit from DDoS and web attack protection at Google-scale. Google Cloud Armor works with our global Cloud Load Balancing infrastructure and provides always-on attack detection and mitigation so you can run your business without interruption.
Enterprise-grade DDoS defense
Google Cloud Armor works with the Global HTTP(S) Load Balancer to provide built-in defenses against Layer 3 and Layer 4 infrastructure DDoS attacks. Google Cloud Armor benefits from more than a decade of experience protecting the world’s largest internet properties like Google Search, Gmail, and YouTube.
Mitigate OWASP Top 10 risks
Google Cloud Armor offers a flexible rules language to help you customize your defenses and mitigate multivector attacks. It also provides predefined rules to help defend against cross-site scripting (XSS) and SQL injection (SQLi) attacks.
Rich language for custom defense
Google Cloud Armor’s flexible rules language enables you to customize your defenses and mitigate web attacks by deploying custom application firewall rules. With Cloud Armor, users are able to program Google’s edge infrastructure to block unwanted traffic at scale far upstream of their infrastructure.
Google Cloud Armor works with security offerings from security partners, enabling you to build a comprehensive security model for your GCP services.
Pre-defined rules to protect against the web’s most common attacks
Out-of-the-box rules from the Mod Security Core Rule Set to defend against cross-site scripting (XSS) and SQL injection defense.
Rich Rules Language
Create rules using any combination of L3–L7 parameters and geolocation to protect your deployment with a flexible rules language. Also use predefined rules to defend against cross-site scripting (XSS) and SQL injection defense.
Visibility and monitoring
Easily monitor all of the metrics associated with your security policies in the Cloud Monitoring dashboard. You can also view suspicious application traffic patterns from Cloud Armor directly in the Security Command Center dashboard, now in beta.
Get visibility into Cloud Armor decisions as well as the implicated policies and rules on a per-request basis via Cloud Logging.
Deploy Cloud Armor rules in preview mode to understand service access patterns, rule accuracy, and impact on production traffic before enabling active enforcement in your policies and to ensure safe operation of your applications.
Policy framework with rules
Configure one or more security policies with a hierarchy of rules. Apply a policy to one or more services.
IP-based and geo-based access control
Filter your incoming traffic based on IPv4 and IPv6 addresses or CIDRs. Identify and enforce access control based on geographic location of incoming traffic.
|Google Cloud Armor Price|
|Policy Charge||$5 per Google Cloud Armor policy per month|
|Per Rule Charge||$1 per rule per policy per month|
|Incoming Requests Charge*||$0.75 per million HTTP(S) requests|
*Promotion: Until March 31, 2020, your queries-per-month charges across all projects in a billing account are capped at $3,000.
If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.
Take the next step
A product or feature listed on this page is in beta. For more information on our product launch stages, see here.