Google Cloud Armor
View documentation for this product.
Google Cloud Armor: Defending your services
When you stand up applications on Google Cloud, you benefit from DDoS and web attack protection at Google-scale. Google Cloud Armor works with our global Cloud Load Balancing infrastructure and provides always-on attack detection and mitigation so you can run your business without interruption.
Enterprise-grade DDoS defense
Google Cloud Armor works with the Global HTTP(S) Load Balancer to provide built-in defenses against Layer 3 and Layer 4 infrastructure DDoS attacks. Google Cloud Armor benefits from more than a decade of experience protecting the world’s largest internet properties like Google Search, Gmail, and YouTube.
Mitigate OWASP Top 10 risks
Google Cloud Armor offers a flexible rules language to help you customize your defenses and mitigate multivector attacks. It also provides predefined rules to defend against attacks such as cross-site scripting (XSS) and SQL injection (SQLi) attacks.
Rich language for custom defense
Google Cloud Armor’s flexible rules language enables you to customize your defenses and mitigate web attacks by deploying custom application firewall rules. With Cloud Armor, users are able to program Google’s edge infrastructure to block unwelcome traffic at scale far upstream of their infrastructure.
Partner ecosystem
Google Cloud Armor works with security offerings from security partners, enabling you to build a comprehensive security model for your Google Cloud services.
Features
Pre-defined rules to protect against the web’s most common attacks
Out-of-the-box rules from the ModSecurity Core Rule Set to defend against attacks like cross-site scripting (XSS) and SQL injection defense.
Rich rules language
Create custom rules using any combination of L3–L7 parameters and geolocation to protect your deployment with a flexible rules language.
Visibility and monitoring
Easily monitor all of the metrics associated with your security policies in the Cloud Monitoring dashboard. You can also view suspicious application traffic patterns from Cloud Armor directly in the Security Command Center dashboard.
Logging
Get visibility into Cloud Armor decisions as well as the implicated policies and rules on a per-request basis via Cloud Logging.
Preview mode
Deploy Cloud Armor rules in preview mode to understand rule efficacy and impact on production traffic before enabling active enforcement.
Policy framework with rules
Configure one or more security policies with a hierarchy of rules. Apply a policy at varying levels of granularity to one or many workloads.
IP-based and geo-based access control
Filter your incoming traffic based on IPv4 and IPv6 addresses or CIDRs. Identify and enforce access control based on geographic location of incoming traffic.
Support for hybrid and multi-cloud deployments
Defend applications from DDoS or web attacks and enforce Layer 7 security policies whether your application is deployed on Google Cloud or in a hybrid or multi-cloud architecture.
Technical resources
API & References
Pricing
| Google Cloud Armor Price | |
|---|---|
| Policy Charge | $5 per Google Cloud Armor policy per month |
| Per Rule Charge | $1 per rule per policy per month |
| Incoming Requests Charge* | $0.75 per million HTTP(S) requests |
*Promotion: Until June 30, 2020, your queries-per-month charges across all projects in a billing account are capped at $3,000.
If you pay in a currency other than USD, the prices listed in your currency on Cloud Platform SKUs apply.
Get $300 in free credits to learn and build on Google Cloud for up to 12 months.
A product or feature listed on this page is in beta. For more information on our product launch stages, see here.