Cloud Armor

Protect your services against denial of service and web attacks.

Try It Free Request Access to Alpha Features

Cloud Armor: Defending your services

Cloud Armor delivers defense at scale against infrastructure and application Distributed Denial of Service (DDoS) attacks using Google’s global infrastructure and security systems.

Cloud Armor: Defending your services Image

Infrastructure DDoS defense

Cloud Armor works with Global HTTP(S) Load Balancer to provide built-in defenses against infrastructure DDoS attacks. Cloud Armor benefits from more than a decade of experience protecting the world’s largest Internet properties like Google Search, Gmail and YouTube.

Infrastructure DDoS defense Image

IP deny list/allow list

Permit or block your incoming traffic based on IP addresses or ranges using allow lists and deny lists.

Whitelist/Blacklist traffic Image

Rich language for custom defense ALPHA

Cloud Armor’s flexible rules language enables you to customize your defenses and mitigate multivector attacks. It also provides predefined rules to defend against cross-site scripting (XSS) and SQL injection (SQLi) application-aware attacks. Alpha features are only available to selected customers for a limited availability test but will be more generally available soon.

Rich language for custom defense Image

Partner ecosystem

Cloud Armor works with security offerings from security partners, enabling you to build a comprehensive security model for your GCP services.

Partner ecosystem Image

Cloud Armor Features

Protect your services against denial of service and web attacks

Cloud Armor with Global HTTP(S) Load Balancer
Cloud Armor works with the HTTP(S) Load Balancer, which provides built-in infrastructure DDoS defense.
Rich Rules Language ALPHA
Create rules using any combination of L3–L7 parameters and geolocation to protect your deployment with a flexible rules language. Also use predefined rules to defend against cross-site scripting (XSS) and SQL injection defense.
Policy Framework with Rules
Configure one or more security policies with a hierarchy of rules. Apply a policy to one or more services.
Stackdriver Logging
Get visibility into the policy and rule matched and the action taken by the rule for each incoming request.
Preview Mode
Enable Preview mode to understand service access patterns before enabling your policies and to ensure the correct traffic sources are being allowed and blocked.
IP-based Access Control
Enforce access control based on IPv4 and IPv6 addresses or CIDRs.
Geo-based Access Control ALPHA
Identify and enforce access control based on geographic location of incoming traffic.

“ Cloud Armor is a great example of how Google continues to innovate on its pervasive defense-in-depth security strategy, providing a rich layer of security control that can be managed at the network edge. Thank you, Google! ”

— Matt Hite Network Engineer, Evernote

Cloud Armor Pricing

  Cloud Armor Price
Policy Charge $5 per Cloud Armor policy per month
Per Rule Charge $1 per rule per policy per month
Incoming Requests Charge $0.75 per million HTTP(S) requests
If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

Cloud Armor pricing is provided for informational purposes and will take effect only at GA.

Products or features listed on this page are in alpha or beta. For more information on our product launch stages, see here.