Google Cloud Armor Managed Protection overview

Google Cloud Armor Managed Protection is the managed application protection service that helps protect your web applications and services from distributed denial-of-service (DDoS) attacks and other threats from the internet. Managed Protection helps protect applications deployed on Google Cloud, on-premises, or on other infrastructure providers.

Standard tier versus Plus tier

Managed Protection is offered in two service tiers, Standard and Plus:

  • Standard tier includes a pay-as-you go pricing model, always-on protection from volumetric and protocol-based DDoS attacks across your globally load-balanced infrastructure, and access to Google Cloud Armor web application firewall (WAF) rule capabilities and preconfigured WAF rules.

  • Plus tier includes a monthly subscription that includes all of the features of Standard tier, as well as a bundled Google Cloud Armor WAF policy, rules, HTTP request usage, and named IP address lists.

All projects that include HTTP(S) Load Balancing, TCP Proxy Load Balancing, or SSL Proxy Load Balancing are automatically enrolled in Managed Protection Standard tier. After subscribing to Managed Protection Plus tier at the billing account level, users can choose to enroll individual projects attached to the billing account in Plus tier.

The following table summarizes the two service tiers.

Standard tier Plus tier
Billing method Pay-as-you-go Monthly subscription (see Pricing)
DDoS attack protection
  • HTTP(S) Load Balancing
  • TCP Proxy Load Balancing
  • SSL Proxy Load Balancing
  • HTTP(S) Load Balancing
  • TCP Proxy Load Balancing
  • SSL Proxy Load Balancing
WAF Per policy, per rule, per request (see Pricing) Included
Resource limits Up to quota limit Up to quota limit
Preconfigured WAF rules Yes Yes
Named IP address lists During beta period Yes
Data processing fee None Yes (see Pricing)
Time commitment None One year

Subscribing to Plus tier

To use the additional services and capabilities in Managed Protection Plus tier, you must first subscribe to Plus tier. After your Plus tier subscription is activated for the billing account, you can then enroll individual projects in Plus tier.

After a project is enrolled in Plus tier, the forwarding rules for HTTP(S) Load Balancing, SSL Proxy Load Balancing, and TCP Proxy Load Balancing within the project are added to the Plus tier subscription, and all backend services served by those forwarding rules are counted as protected resources and metered for the Plus tier monthly subscription cost. The backend services in Plus tier are aggregated across all enrolled projects in a billing account.

What's next