Virtual Private Cloud pricing

This page describes the networking pricing for resources in Virtual Private Cloud (VPC) networks.

For pricing for other Google Cloud products, see All networking pricing.

General network pricing information

Data transfer
Data transfer can be traffic coming into a Google Cloud resource (e.g. VM), leaving Google Cloud region out into the internet, or in between two resources within Google Cloud.

A region is a set of buildings operated by Google in a geographic location, such as a data center campus. Traffic can travel as follows:

  • Within the set of buildings at the location, which always used Google's network (intra-zone and intra-region pricing)
  • To another building operated by Google in another location, which always used Google's network (inter-region pricing)
  • To a location not operated by Google over a Cloud Interconnect connection (Cloud Interconnect pricing)
  • To a location not operated by Google not over a Cloud Interconnect connection (internet data transfer out pricing)
Premium Tier
The Network Service Tiers Premium Tier leverages Google's premium backbone to carry traffic to and from your external users. The public internet is usually only used between the user and the closest Google network ingress point.
Standard Tier
The Network Service Tiers Standard Tier leverages the public internet to carry traffic between your services and your users. While using the public internet provides a lower quality of service, it is more economical than Premium Tier.

Inbound data transfer pricing

Traffic type Price
Inbound data transfer

No charge for inbound data transfer. However there may be a charge for resource that processes data. Services that process inbound data are as follows:

Responses to requests count as data transfer out and are charged.

VM-VM data transfer pricing within Google Cloud

This section covers traffic that leaves a Google Cloud VM and travels to another Google Cloud VM. The cost is attributed to the project of the VM that is sending the traffic. This pricing affects Compute Engine VMs, Google Kubernetes Engine (GKE) nodes, and VMs running App Engine flexible environment.

The following prices are applied both during and after the Google Cloud Free Trial period. During the Free Trial period, these prices are charged against the Free Trial credit amount.

Inter-zone data transfer

VM-to-VM data transfer when the source and destination VM are in different zones of the same Google Cloud region
Traffic type Price
Data transfer to the same Google Cloud zone when using the internal IPv4 addresses or any IPv6 addresses 1 No charge
Data transfer to a different Google Cloud zone in the same Google Cloud region when using the internal or external IP addresses 1 (per GiB)
Note: All traffic to and from external IPv4 addresses leaves the zone - regardless of the destination.
$0.01

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

1The prices are used regardless of network or subnet. The price for traffic within a zone using internal IP addresses is the same even if the traffic is to a different subnet or network. The price on traffic between zones in the same region is the same if the two instances are in the same subnet, different subnets, or different networks. Pricing is the same whether the instances are in a VPC network or a legacy network.

Inter-region data transfer

VM-to-VM data transfer when the source and destination VMs are in different Google Cloud regions. All prices are per GiB in USD
Location of VM or Google Cloud service Destination
North America Europe Asia3 Indonesia Oceania Middle East SouthAmerica Africa
Source North America $0.02 $0.05 $0.08 $0.10 $0.10 $0.11 $0.14 $0.11
Europe $0.05 $0.02 $0.08 $0.10 $0.10 $0.11 $0.14 $0.11
Asia3 $0.08 $0.08 $0.08 $0.10 $0.10 $0.11 $0.14 $0.11
Indonesia $0.10 $0.10 $0.10 N/A $0.10 $0.11 $0.14 $0.11
Oceania $0.10 $0.10 $0.10 $0.10 $0.10 $0.11 $0.14 $0.11
Middle East $0.11 $0.11 $0.11 $0.11 $0.11 $0.11 $0.14 $0.11
South America $0.14 $0.14 $0.14 $0.14 $0.14 $0.14 $0.14 $0.14
Africa $0.11 $0.11 $0.11 $0.11 $0.11 $0.11 $0.14 $0.11

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

2 Oceania includes Australia, New Zealand, and surrounding Pacific Ocean islands such as Papua New Guinea and Fiji. This region excludes Hawaii.
3 Includes all regions in Asia except Indonesia.

VM-to-Google service

This section covers traffic that leaves a Google Cloud VM and travels to a Google service. The cost is attributed to the project of the VM that is sending the traffic. This pricing affects Compute Engine VMs, Google Kubernetes Engine nodes, and VMs running App Engine flexible environment.

The following prices are applied both during and after the Google Cloud Free Trial period. During the Free Trial period, these prices are charged against the Free Trial credit amount.

Traffic type Price
Data transfer to specific Google products such as Gmail, YouTube, Google Maps, DoubleClick, and Google Drive, whether from a VM in Google Cloud with an external IP address or an internal IP address. No charge
Data transfer to a different Google Cloud service within the same region using an external IP address or an internal IP address, except for Memorystore for Redis, Filestore, GKE, and Cloud SQL. No charge
Data transfer from Compute Engine and GKE to Cloud CDN and Media CDN. No charge (cache fill might apply for Cloud CDN).
Data transfer to Memorystore for Redis, Filestore, Cloud SQL, and Google Kubernetes Engine within the same region is priced the same as VM-to-VM traffic. VM-VM data transfer pricing within Google Cloud
Data transfer to a Google Cloud service in a different region. VM-VM data transfer pricing within Google Cloud
For Spanner network pricing, see Spanner pricing.
For Cloud Storage network pricing, see Cloud Storage pricing.

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

Internet data transfer rates

Premium Tier pricing

Premium Tier is the default tier for all Google Cloud data transfer. To use Standard Tier, you must specify it explicitly.

The following prices are applied both during and after the Google Cloud Free Trial period. During the Free Trial period, these prices are charged against the Free Trial credit amount.

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

Standard Tier pricing

Data transfer out pricing is per GiB delivered. Pricing is based on source geolocation of traffic. Ingress pricing is still free. Always Free usage limits do not apply to Standard Tier.

Contact sales for pricing beyond 500 TiB.

Internal IP address pricing

There is no charge for static or ephemeral internal IP addresses.

External IP address pricing

You are charged for static and ephemeral external IP addresses according to the following table.

If you reserve a static external IP address and do not assign it to a resource such as a VM instance or a forwarding rule, you are charged at a higher rate than for static and ephemeral external IP addresses that are in use.

You are not charged for static external IP addresses that are assigned to forwarding rules.

You are not charged for external IPv6 address ranges that are assigned to subnets or for external IPv6 addresses that are assigned to VM instances. You are not charged for static regional IPv6 addresses (Preview).

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

In use or not

Google Cloud considers a static external IP address as in use if it is associated with a VM instance whether the instance is running or stopped. If the instance is deleted or if the IP address is dissociated from the instance, Google Cloud considers the static IP address as not in use.

For an ephemeral IP address, Google Cloud considers the address as in use only when the associated VM instance is running. When the instance is stopped or deleted, Google Cloud releases the ephemeral IP address and no longer considers it as in use.

You can check whether a static external IP address is in use by making a gcloud compute addresses list request. This command returns a list of static external IP addresses and their statuses:

gcloud compute addresses list

NAME          REGION  ADDRESS        STATUS
address-1             130.211.8.68   IN_USE
address-2             35.186.217.84  RESERVED

In this example, IPv4 address-1 is in use while IPv4 address-2 is reserved but not being used. Both addresses are charged according to the External IP address pricing table in this document.

Firewall rules

For Cloud Next Generation Firewall pricing, see the Cloud NGFW pricing page.

Private Service Connect

The costs associated with Private Service Connect vary depending on the configuration.

Using a Private Service Connect endpoint (forwarding rule) to access Google APIs

Item Price per hour (USD) Price per GiB processed,
Inbound and outbound data transfer
Private Service Connect endpoint (forwarding rule) used to access Google APIs $0.01 No data charge
Private Service Connect automatically creates a Service Directory namespace to register endpoints in. A single default namespace is used for endpoints in the same VPC network. For more information about Service Directory pricing, see Service Directory pricing.

Using a Private Service Connect endpoint (forwarding rule) to access the regional endpoints of Google APIs

Item Price per hour (USD) Price per GiB processed,
data transfer in and out (USD)
Private Service Connect endpoint (forwarding rule) to access the regional endpoints of Google APIs $0.01 No data charge
Private Service Connect automatically creates a Service Directory namespace to register endpoints in. A single default namespace is used for endpoints in the same VPC network. For more information about Service Directory pricing, see Service Directory pricing.

Using a Private Service Connect backend (load balancer) to access Google APIs

Private Service Connect backends use a load balancer to access Google APIs. All load balancer pricing applies. Traffic to Private Service Connect NEGs that is directed to Google APIs incurs load balancing charges for data processed by load balancer. However, there is no Private Service Connect charge for data transfer traffic between the Private Service Connect NEG and Google APIs.

For pricing information for your load balancer, see pricing for global external Application Load Balancers or internal Application Load Balancers.

Using a Private Service Connect service attachment to publish a managed service

Item Price per hour (USD) Price per GiB processed,
Inbound and outbound data transfer
Private Service Connect service attachment used by a service producer to provide access to services No hourly charge $0.01
Services that are published using Private Service Connect can be hosted on the following load balancers:
  • Internal passthrough Network Load Balancer: For pricing information, see Load balancing and forwarding rules.
  • Internal Application Load Balancer: For pricing information, see Internal Application Load Balancer.
  • Internal protocol forwarding: For pricing information, see Protocol forwarding.
  • Regional internal proxy Network Load Balancer:
    • Pricing for Preview: A regional internal proxy Network Load Balancer used with Private Service Connect is offered without charge until it reaches General Availability.
    • Pricing for General Availability: Internal passthrough Network Load Balancer pricing applies for regional internal proxy Network Load Balancers at General Availability. For pricing information, see Load balancing and forwarding rules.

Using a Private Service Connect endpoint (forwarding rule) to access a published service

Item Price per hour (USD) Price per GiB processed,
Inbound and outbound data transfer
Private Service Connect endpoint (forwarding rule) $0.01

$0.01

For endpoints with global access, when the endpoint is accessed by resources in other regions, inter-regional data transfer charges also apply to that traffic.

Private Service Connect automatically creates a Service Directory namespace to register endpoints in. A single default namespace is used for endpoints in the same region of a project unless you explicitly create additional namespaces. For more information about Service Directory pricing, see Service Directory pricing.

Using a Private Service Connect backend (load balancer) to access a published service

Private Service Connect backends use a load balancer to access published services. All load balancer pricing applies. Traffic between Private Service Connect NEGs and Private Service Connect published services incurs both load balancing charges for data processed by load balancer and Private Service Connect charges data transfer traffic between the NEG and the published service.

The following table summarizes the applicable charges for this configuration.

Item Price (USD)
Private Service Connect endpoint (load balancer) used to access services in another VPC network All global external Application Load Balancer or internal Application Load Balancer pricing applies
Traffic between a Private Service Connect NEG and the published service $0.01 per GiB processed, inbound and outbound data transfer

Deploying a service by using service connection maps

When you deploy a service by using service connection maps, there are no charges for the deployment itself. However, you are charged for the following:

Using a Private Service Connect interface for access to a producer or consumer VPC network

Item Price per hour (USD) Price per GB processed,
data transfer in and out (USD)
Private Service Connect interface used for access to a producer or consumer VPC network No hourly charge $0.01 charged to the consumer, in addition to VM-VM data transfer pricing within Google Cloud

Note that for consumer to producer traffic inter-zone or inter-region, both VM egress traffic charges and PSC interfaces ingress traffic charges apply and are charged to the consumer

Private services access

When you create a private services access connection, there are no hourly or data charges for the connection itself. However, you are charged for the following:

  • Resources that you provision in the service producer's network
  • Data transfer traffic from your VMs to the service producer's network

Serverless VPC Access

Serverless VPC Access is priced as follows.
Resource Price
Serverless VPC Access connector Charged by the number of instances in your connector. Connector instances bill as Compute Engine VMs, but you cannot view or manage them as VMs in the Google Cloud console. See the pricing for your instance type:
Data transfer out Charged at Compute Engine networking rates. Serverless VPC Access connector instances are distributed across zones for increased reliability. The rate is based on which connector instance handles the request and whether the destination resource is in the same zone. Data transfer out to a connector from a serverless resource such as a function, app, or service is not charged.
You can view your Serverless VPC Access costs in the Google Cloud console by filtering your billing reports by the label key serverless-vpc-access.

Network telemetry

Network logs generate charges. You are charged for the following products:

  • VPC Flow Logs
  • Firewall Rules Logging
  • Cloud NAT logging
Log generation Price (USD)
0—10 TiB per month 0.50/GiB
10—30 TiB per month 0.25/GiB
30—50 TiB per month 0.10/GiB
>50 TiB per month 0.05/GiB

Logs are sent to Cloud Logging. Logs can be further exported to Pub/Sub, Cloud Storage, or BigQuery. Pub/Sub, Cloud Storage, or BigQuery charges apply in addition to log generation charges. For more information on exporting logs, see Overview of logs export.

If you store your logs in Cloud Logging, logs generation charges are waived, and only Logging charges apply.

If you send and then exclude your logs from Cloud Logging, log generation charges apply.

Packet Mirroring

You are charged for the amount of data processed by Packet Mirroring. You are not charged for Packet Mirroring forwarding rules. Currently, there is no additional per-VM charge for using Packet Mirroring. The costs for the data processed by Packet Mirroring are described in the following table.

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

Normal data transfer rates are charged for traffic outbound from a load balancer. There is no additional load balancer data transfer cost beyond normal data transfer out rates.

Load balancing and forwarding rules

The pricing tables in this section apply to all types of load balancers other than internal Application Load Balancers. For internal Application Load Balancers, see the Internal Application Load Balancer section.

For Private Service Connect forwarding rules, see the Private Service Connect section.

The following table shows the pricing for global forwarding rules. There are no global data processing charges. Data processing is charged by the region, depending on where the traffic is processed.

Item Price per unit (USD) Pricing unit
First 5 forwarding rules $0.025 Per Hour
Per additional forwarding rule $0.01 Per Hour
If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

The following table shows regional forwarding rule charges and inbound and outbound data processing charges by region.

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

Ways to lower external Application Load Balancer costs

Global external Application Load Balancer users can use Google Cloud Armor, Cloud CDN, or both, to minimize the impact of Outbound data processing charges.

  • Cloud CDN: Static objects that are served to the client from the cache do not transit through the load balancer. An effective caching strategy would reduce the amount of outbound data being processed by the load balancer and lower your costs. To implement caching, it is necessary to understand which portion of your traffic is static and cacheable. For additional information, refer the Cloud CDN documentation.

  • Google Cloud Armor: If your application receives a significant amount of undesirable traffic, you can deploy Google Cloud Armor to block such traffic. Requests that are blocked by Google Cloud Armor do not transit through the load balancer, effectively reducing the amount of outbound data processed by the load balancer. The impact on your costs depends on the percentage of undesirable traffic blocked by the Google Cloud Armor security policies you've implemented.

If your application can operate in a single region or is required to operate in a single region, you can use the Regional external Application Load Balancer. The regional external Application Load Balancer uses only the Standard Network Tier which has lower outbound data transfer charges making it a cost effective option.

External Application Load Balancer pricing with Serverless NEGs

If you are using serverless NEG backends with an external Application Load Balancer (global, regional, or classic), existing load balancer charges will apply in addition to the serverless compute charges for Cloud Run, Cloud Functions, or App Engine backends as applicable. If Google Cloud Armor or Cloud CDN are used, their respective charges also apply.

However, you will not be charged for both serverless outbound data transfer and internet outbound data transfer. Only internet outbound data transfer rates apply. Cloud Functions outbound data transfer charges, App Engine outgoing network traffic charges and Cloud Run data transfer charges do not apply to requests passed from an external Application Load Balancer (using serverless NEGs) to a Cloud Functions, App Engine, or Cloud Run service.

Cross-project service referencing with Shared VPC

Review the following points to understand how projects and billing accounts are charged for networking SKUs when you use cross-project service referencing.

Load balancer's frontend and backend components in different service projects
Figure 1. Load balancer's frontend and backend in different service projects
  • Cloud Load Balancing related charges are always attributed to the project where the forwarding rule is configured (service project A in figure 1). This includes charges for forwarding rules, inbound data processed, and outbound data processed by the global external Application Load Balancer. Review Cloud Load Balancing pricing basics.
  • Network internet data transfer out for Premium Tier and Standard Tier are always attributed to the project where the forwarding rule is configured (service project A in figure 1). Review Network data transfer pricing.
  • If you configure Cloud CDN on a backend service that is referenced by a URL map using cross-project service referencing, then all Cloud CDN charges for cacheable content (cache data transfer out, cache lookup, cache fill) are always attributed to the project that contains the Cloud CDN-enabled backend service (service project B in figure 1), and not the project that configured the forwarding rules. Review Cloud CDN pricing.
  • If you configure Google Cloud Armor on a backend service that is referenced by a URL map using cross-project service referencing, then all Google Cloud Armor related charges are attributed to the project that contains the Google Cloud Armor-enabled backend service (service project B in figure 1), and not the project that configured the forwarding rules. Review Google Cloud Armor pricing. Specifically, all Google Cloud Armor Standard Tier and Managed Protection Tier charges are attributed to service project B.

    The following additional considerations also apply when you're using Google Cloud Armor with cross-project service referencing:

    • Subscription changes related to Managed Protection Plus are attributed to the billing account that you specified during enrollment. If you want to use the same Managed Protection Plus subscription across multiple projects to include all the backend services referenced using cross-project service referencing, make sure that you include all the relevant service projects as part of the same Managed Protection Plus billing account.
    • When you're using cross-project service referencing, some features offered in Managed Protection Plus, such as DDoS telemetry and DDoS response, require Plus tier enrollment for both the frontend forwarding rule project and the backend service projects.

Forwarding rules pricing examples

Google Cloud charges for forwarding rules whether they are created for load balancing or other uses, such as Packet Mirroring.

The following examples use US pricing:

You can create up to 5 forwarding rules for the price of $0.025/hour. For example, if you create one forwarding rule, you are charged $0.025/hour. If you have 3 forwarding rules, you are still charged $0.025/hour. However, if you have 10 forwarding rules, you are charged as follows:

  • 5 forwarding rules = $0.025/hour
  • Each additional forwarding rule = $0.01/hour

$0.025/hour for 5 rules + (5 additional rules * $0.01/hour) = $0.075/hour

For most load balancing use cases, you need only one forwarding rule per load balancer.

Google Cloud charges for global forwarding rules and regional forwarding rules separately, and also per project. For example, if you use one global forwarding and one regional forwarding rule in two separate projects (four rules total), you are charged $0.10/hour (4 x $0.025/hour).

Estimating load balancing charges

To estimate load balancing charges:

  1. Go to the Pricing Calculator.
  2. On the Cloud Load Balancing tab.
  3. From the dropdown menu, select a region.
  4. Enter your estimated number of forwarding rules.
  5. Enter your monthly estimated amount of network traffic processed.

For example:

  • Iowa
  • Number of forwarding rules: 10
  • Inbound data processed by load balancer: 2,048 GiB
  • Total Estimated Cost: USD 71.13 per 1 month

This example doesn't include the internet data transfer out cost of sending replies from the backends.

Internal Application Load Balancer

The following charges apply to both regional internal Application Load Balancers and cross-region internal Application Load Balancers. Some additional cross-region data transfer charges also apply to the cross-region internal Application Load Balancer.

If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.

* Internal Application Load Balancers use a fleet of managed proxy instances that are dynamically allocated to your network to handle traffic volume. The per proxy instance charge is determined based on the number of proxy instances required to handle your traffic over a specific time period.

Proxy instance charge

Envoy-based load balancers automatically scale the number of proxies available to handle your traffic based on your traffic needs. The proxy instance charge is based on the number of proxy instances needed to satisfy your traffic needs. Each additional proxy incurs an additional hourly charge according to the prices indicated in the previous table.

The number of proxies allocated to your load balancer is calculated based on the measured capacity needed to handle your traffic over a 10-minute time period. During this time period, we look at the greater of:

  • The number of proxies needed to serve your traffic's bandwidth needs. Each proxy instance can handle up to 18 MB per second. We monitor the total bandwidth required and divide that total by the bandwidth that a proxy instance can support.
  • The number of proxies needed to handle connections and requests. We count the total of each of the following resources and divide each value by what a proxy instance can handle:
    • 600 (HTTP) or 150 (HTTPS) new connections per second
    • 3,000 active connections
    • 1,400 requests per second*

* A proxy instance can handle 1,400 requests per sec if Cloud Logging is disabled. If you enable Logging, your proxy instance can handle fewer requests per second. For example: logging 100% of requests decreases the proxy's request handling capacity to 700 requests per second. You can set Logging to sample a smaller percentage of traffic. This enables you to meet your observability needs while controlling your cost.

Example calculation

In a 10-minute period, 180 MB per second of data pass through the load balancer. 180 MB per second / 18 MB per second per proxy instance = 10 proxy instances

During this same period, 300 new HTTPS connections are established per second, 3,000 connections are active and 2,800 requests are sent per second:

300 new HTTPS connections per second / 150 new HTTPS connections per second per proxy instance = 2 proxy instances 3,000 active connections / 3,000 active connections per proxy instance = 1 proxy instance 2,800 requests per second / 1,400 requests per second per proxy instance = 2 proxy instances

This sums up to 5 proxy instances. This amount is lower than the 10 proxy instances required to serve bandwidth. Thus, the proxy instance charge for this 10-minute time period would be calculated as follows:

10 proxy instances * $0.025 per proxy instance per hour * (10 minutes / (60 minutes per hour)) = $0.0417

Billing is calculated based on the measured capacity needed to satisfy your traffic needs, not the number of proxy instances that are establishing connections to your backends. As such, you might be billed for a different number of proxy instances than you see in your infrastructure.

Minimum proxy instance charge

To ensure optimal performance and reliability, each load balancer is allocated at least three proxy instances in the Google Cloud region where the load balancer is deployed. These proxy instances are allocated even if the load balancer handles no traffic. After a forwarding rule (with load balancing scheme INTERNAL_MANAGED) is deployed to your project, you start to accrue proxy instance charges. Additional forwarding rules incur additional proxy instance charges as described previously (in other words, three additional proxy instances per forwarding rule).

The three proxy instances that are allocated to your load balancer result in a minimum hourly proxy instance charge. For example, for the us-central1 Google Cloud region, the minimum charge is calculated as follows:

3 proxy instances * $0.025 per proxy per hour = $0.075 per hour

As described previously, these proxy instances can each handle a certain amount of traffic. Once your traffic needs surpass the capacity of these three proxy instances, you will incur costs for the proxy instances required to handle any additional traffic.

Data processing charge

The data processing charge is calculated by measuring the total volume of data for requests and responses processed by your load balancer during the billing cycle. This charge scales according to your usage and there is no minimum charge for data processing.

Cross-region data transfer charges

Cross-region data transfer charges apply if you're using a cross-region internal Application Load Balancer. For example, if you have a cross-region internal Application Load Balancer deployment where the client, the Envoy proxy, and the backend are in separate regions, you'll see cross-region data transfer charges for each hop separately (client <-> Envoy proxy, and Envoy proxy <-> backend). To reduce these cross-region data transfer charges, you can deploy Envoy proxies in multiple regions.

Cross-project service referencing with Shared VPC

For data processing, hourly proxy instance usage, and inter-zone VM data transfer, the forwarding rule project is charged.

Internal Application Load Balancer pricing with serverless NEGs

If you are using serverless NEG backends for an internal Application Load Balancer, existing internal Application Load Balancer charges will apply in addition to the serverless compute charges for Cloud Run. Costs attributable to the internet data transfer out continue to apply.

Regional internet NEG charges

Regional internet NEGs require the use of a Cloud NAT gateway which incurs additional charges. You'll be charged for both internet data transfer out and Cloud NAT usage for any traffic sent to and from the Envoy proxy-only subnet, and for health check traffic. However, the load balancer's charges apply only to user request traffic.

Cloud NAT gateways allocated for Cloud Load Balancing incur hourly charges equivalent to a network with more than 32 VM instances. For details, see Cloud NAT pricing

Custom request headers and Google Cloud Armor charges

If a backend service has a Google Cloud Armor policy associated with it, you can use the custom request headers feature with that backend service without any additional charge for the custom request headers feature.

If a backend service that uses the custom request headers feature does not have a Google Cloud Armor policy associated with it, the charges are $0.75 per 1,000,000 HTTP(S) requests per month per account. You are only charged for the first 666,666,667 requests per month per account.

Global access for internal load balancers

Global access allows client instances from any region to access your internal load balancer. If a forwarding rule has global access enabled, additional cross-region data transfer charges are incurred when traffic is sent to or from a client in a different region than the load balancer.

Global access is generally available for internal passthrough Network Load Balancers, regional internal Application Load Balancers, and regional internal proxy Network Load Balancers.

Protocol forwarding

Protocol forwarding is charged at the same rate as load balancing. There is a charge for the forwarding rule and a charge for the inbound data processed by the target instance.

SSL certificates

There is no charge for self-managed and Google-managed SSL certificates.

What's next

Request a custom quote

With Google Cloud's pay-as-you-go pricing, you only pay for the services you use. Connect with our sales team to get a custom quote for your organization.
Contact sales