Google Cloud Armor Managed Protection is the managed application protection service that helps protect your web applications and services from distributed denial-of-service (DDoS) attacks and other threats from the internet. Managed Protection helps protect applications deployed on Google Cloud, on-premises, or on other infrastructure providers.
Standard tier versus Plus tier
Managed Protection is offered in two service tiers, Standard and Plus:
Standard tier includes a pay-as-you go pricing model, always-on protection from volumetric and protocol-based DDoS attacks across your globally load-balanced infrastructure, and access to Google Cloud Armor web application firewall (WAF) rule capabilities, including preconfigured WAF rules for OWASP Top 10 protection.
Plus tier includes a monthly subscription that includes all the features of Standard tier, as well as bundled Google Cloud Armor WAF usage (including rules, policy, and HTTP(S) requests), third-party named IP address lists, and Adaptive Protection.
All projects that include HTTP(S) Load Balancing, TCP Proxy Load Balancing, or SSL Proxy Load Balancing are automatically enrolled in Managed Protection Standard. After subscribing to Managed Protection Plus at the billing account level, users can choose to enroll individual projects attached to the billing account in Managed Protection Plus.
The following table summarizes the two service tiers.
|Standard tier||Plus tier|
|Billing method||Pay-as-you-go||Monthly subscription (see Pricing)|
|DDoS attack protection||
|WAF||Per policy, per rule, per request (see Pricing)||Included|
|Resource limits||Up to quota limit||Up to quota limit|
|Preconfigured WAF rules||Yes||Yes|
|Named IP address lists||During Preview period||Yes|
|Data processing fee||None||Yes (see Pricing)|
|Time commitment||None||One year|
Subscribing to Managed Protection Plus
To use the additional services and capabilities in Managed Protection Plus, you must first subscribe to Managed Protection Plus. After your Managed Protection Plus subscription is activated for the billing account, you must then enroll individual projects in Managed Protection Plus.
After a project is enrolled in Managed Protection Plus, the forwarding rules for HTTP(S) Load Balancing, SSL Proxy Load Balancing, and TCP Proxy Load Balancing within the project are added to the subscription. In addition, all backend services served by those forwarding rules are counted as protected resources and are metered for the Managed Protection Plus monthly subscription cost. The backend services in Plus tier are aggregated across all enrolled projects in a billing account.
- Subscribe and enroll projects in Managed Protection Plus
- Troubleshoot issues
- Use the custom rules language reference