Google Cloud Armor Managed Protection overview

Google Cloud Armor Managed Protection is the managed application protection service that helps protect your web applications and services from distributed denial-of-service (DDoS) attacks and other threats from the internet. Managed Protection helps protect applications deployed on Google Cloud, on-premises, or on other infrastructure providers.

Standard tier versus Plus tier

Managed Protection is offered in two service tiers, Standard and Plus:

  • Standard tier includes a pay-as-you go pricing model, always-on protection from volumetric and protocol-based DDoS attacks across your globally load-balanced infrastructure, and access to Google Cloud Armor web application firewall (WAF) rule capabilities, including preconfigured WAF rules for OWASP Top 10 protection.

  • Plus tier includes a monthly subscription that includes all the features of Standard tier, as well as bundled Google Cloud Armor WAF usage (including rules, policy, and HTTP(S) requests), third-party named IP address lists, and Adaptive Protection.

All projects that include HTTP(S) Load Balancing, TCP Proxy Load Balancing, or SSL Proxy Load Balancing are automatically enrolled in Managed Protection Standard. After subscribing to Managed Protection Plus at the billing account level, users can choose to enroll individual projects attached to the billing account in Managed Protection Plus.

The following table summarizes the two service tiers.

Standard tier Plus tier
Billing method Pay-as-you-go Monthly subscription (see Pricing)
DDoS attack protection
  • HTTP(S) Load Balancing
  • TCP Proxy Load Balancing
  • SSL Proxy Load Balancing
  • HTTP(S) Load Balancing
  • TCP Proxy Load Balancing
  • SSL Proxy Load Balancing
WAF Per policy, per rule, per request (see Pricing) Included
Resource limits Up to quota limit Up to quota limit
Preconfigured WAF rules Yes Yes
Named IP address lists During Preview period Yes
Data processing fee None Yes (see Pricing)
Time commitment None One year

Subscribing to Managed Protection Plus

To use the additional services and capabilities in Managed Protection Plus, you must first subscribe to Managed Protection Plus. After your Managed Protection Plus subscription is activated for the billing account, you must then enroll individual projects in Managed Protection Plus.

After a project is enrolled in Managed Protection Plus, the forwarding rules for HTTP(S) Load Balancing, SSL Proxy Load Balancing, and TCP Proxy Load Balancing within the project are added to the subscription. In addition, all backend services served by those forwarding rules are counted as protected resources and are metered for the Managed Protection Plus monthly subscription cost. The backend services in Plus tier are aggregated across all enrolled projects in a billing account.

What's next