Google Cloud Armor: Defending your services
Google Cloud Armor delivers defense at scale against infrastructure and application distributed denial of service (DDoS) attacks using Google’s global infrastructure and security systems.
Infrastructure DDoS defense
Google Cloud Armor works with Cloud Load Balancing to provide built-in defenses against infrastructure DDoS attacks. Google Cloud Armor benefits from more than a decade of experience protecting the world’s largest internet properties like Google Search, Gmail, and YouTube.
IP deny list/allow list
Permit or block your incoming traffic based on IP addresses or ranges using allow lists and deny lists.
Rich language for custom defense (alpha)
Google Cloud Armor’s flexible rules language enables you to customize your defenses and mitigate multivector attacks. It also provides predefined rules to defend against cross-site scripting (XSS) and SQL injection (SQLi) application-aware attacks. Alpha features are only available to selected customers for a limited availability test but will be more generally available soon.
Google Cloud Armor works with security offerings from security partners, enabling you to build a comprehensive security model for your GCP services.
Google Cloud Armor with Cloud Load Balancing
Google Cloud Armor works with Cloud Load Balancing, which provides built-in infrastructure DDoS defense.
Get visibility into the policy and rule matched and the action taken by the rule for each incoming request.
Rich Rules Language (alpha)
Create rules using any combination of L3–L7 parameters and geolocation to protect your deployment with a flexible rules language. Also use predefined rules to defend against cross-site scripting (XSS) and SQL injection defense.
Enable preview mode to understand service access patterns before enabling your policies and to ensure the correct traffic sources are being allowed and blocked.
Policy framework with rules
Configure one or more security policies with a hierarchy of rules. Apply a policy to one or more services.
IP-based access control
Enforce access control based on IPv4 and IPv6 addresses or CIDRs.
Geo-based Access Control (alpha)
Identify and enforce access control based on geographic location of incoming traffic.
|Google Cloud Armor Price|
|Policy Charge||$5 per Google Cloud Armor policy per month|
|Per Rule Charge||$1 per rule per policy per month|
|Incoming Requests Charge*||$0.75 per million HTTP(S) requests|
*Promotion: Until December 31, 2019, your queries-per-month charges across all projects in a billing account are capped at $500.
If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.
Google Cloud Armor pricing is provided for informational purposes and will take effect only at GA.
Learn and build
New customers get $300 in free credits to learn and build on Google Cloud for up to 12 months.
Need more help?
Our experts will help you build the right solution or find the right partner for your needs.
A product or feature listed on this page is in alpha. For more information on our product launch stages, see here.