Cloud Armor Beta
Protect your services against denial of service and web attacks.
Try It Free Request Access to Alpha FeaturesCloud Armor: Defending your services
Cloud Armor delivers defense at scale against infrastructure and application Distributed Denial of Service (DDoS) attacks using Google’s global infrastructure and security systems.
Infrastructure DDoS defense
Cloud Armor works with Global HTTP(S) Load Balancer to provide built-in defenses against infrastructure DDoS attacks. Cloud Armor benefits from more than a decade of experience protecting the world’s largest Internet properties like Google Search, Gmail and YouTube.
IP deny list/allow list BETA
Permit or block your incoming traffic based on IP addresses or ranges using allow lists and deny lists.
Rich language for custom defense ALPHA
Cloud Armor’s flexible rules language enables you to customize your defenses and mitigate multivector attacks. It also provides predefined rules to defend against cross-site scripting (XSS) and SQL injection (SQLi) application-aware attacks. Alpha features are only available to selected customers for a limited availability test but will be more generally available soon.
Partner ecosystem
Cloud Armor works with security offerings from security partners, enabling you to build a comprehensive security model for your GCP services.
Cloud Armor Features
Protect your services against denial of service and web attacks
- Cloud Armor with Global HTTP(S) Load Balancer
- Cloud Armor works with the HTTP(S) Load Balancer, which provides built-in infrastructure DDoS defense.
- Rich Rules Language ALPHA
- Create rules using any combination of L3–L7 parameters and geolocation to protect your deployment with a flexible rules language. Also use predefined rules to defend against cross-site scripting (XSS) and SQL injection defense.
- Policy Framework with Rules
- Configure one or more security policies with a hierarchy of rules. Apply a policy to one or more services.
- Stackdriver Logging
- Get visibility into the policy and rule matched and the action taken by the rule for each incoming request.
- Preview Mode
- Enable Preview mode to understand service access patterns before enabling your policies and to ensure the correct traffic sources are being allowed and blocked.
- IP-based Access Control
- Enforce access control based on IPv4 and IPv6 addresses or CIDRs.
- Geo-based Access Control ALPHA
- Identify and enforce access control based on geographic location of incoming traffic.
“ Cloud Armor is a great example of how Google continues to innovate on its pervasive defense-in-depth security strategy, providing a rich layer of security control that can be managed at the network edge. Thank you, Google! ”
— Matt Hite Network Engineer, Evernote
Cloud Armor Pricing
| Cloud Armor Price | |
|---|---|
| Policy Charge | $5 per Cloud Armor policy per month |
| Per Rule Charge | $1 per rule per policy per month |
| Incoming Requests Charge | $0.75 per million HTTP(S) requests |
Cloud Armor pricing is provided for informational purposes and will take effect only at GA.
Products or features listed on this page are in alpha or beta. For more information on our product launch stages, see here.