Google Cloud Armor Managed Protection is the managed application protection service that helps protect your web applications and services from distributed denial-of-service (DDoS) attacks and other threats from the internet. Managed Protection helps protect applications deployed on Google Cloud, on-premises, or on other infrastructure providers.
Standard tier versus Plus tier
Managed Protection is offered in two service tiers, Standard and Plus:
Standard tier includes a pay-as-you go pricing model, always-on protection from volumetric and protocol-based DDoS attacks across your globally load-balanced infrastructure, and access to Google Cloud Armor web application firewall (WAF) rule capabilities and preconfigured WAF rules.
Plus tier includes a monthly subscription that includes all of the features of Standard tier, as well as a bundled Google Cloud Armor WAF policy, rules, HTTP request usage, and named IP address lists.
All projects that include HTTP(S) Load Balancing, TCP Proxy Load Balancing, or SSL Proxy Load Balancing are automatically enrolled in Managed Protection Standard tier. After subscribing to Managed Protection Plus tier at the billing account level, users can choose to enroll individual projects attached to the billing account in Plus tier.
The following table summarizes the two service tiers.
|Standard tier||Plus tier|
|Billing method||Pay-as-you-go||Monthly subscription (see Pricing)|
|DDoS attack protection||
|WAF||Per policy, per rule, per request (see Pricing)||Included|
|Resource limits||Up to quota limit||Up to quota limit|
|Preconfigured WAF rules||Yes||Yes|
|Named IP address lists||During beta period||Yes|
|Data processing fee||None||Yes (see Pricing)|
|Time commitment||None||One year|
Subscribing to Plus tier
To use the additional services and capabilities in Managed Protection Plus tier, you must first subscribe to Plus tier. After your Plus tier subscription is activated for the billing account, you can then enroll individual projects in Plus tier.
After a project is enrolled in Plus tier, the forwarding rules for HTTP(S) Load Balancing, SSL Proxy Load Balancing, and TCP Proxy Load Balancing within the project are added to the Plus tier subscription, and all backend services served by those forwarding rules are counted as protected resources and metered for the Plus tier monthly subscription cost. The backend services in Plus tier are aggregated across all enrolled projects in a billing account.