Google Cloud Armor
Help protect your applications and websites against denial of
service and web attacks.
- Benefit from DDoS protection and WAF at Google scale
- Detect and mitigate attacks against your Cloud Load Balancing workloads
- Adaptive Protection: ML-based mechanism to help detect and block Layer 7 DDoS attacks
- Mitigate OWASP Top 10 risks and help protect workloads on-premises or in the cloud
- Bot management to stop fraud at the edge through native integration with reCAPTCHA Enterprise
Benefits
Enterprise-grade DDoS defense
Cloud Armor benefits from our experience of protecting
key internet properties such as Google Search, Gmail, and
YouTube. It provides built-in defenses against L3 and L4
DDoS attacks.
Mitigate OWASP Top 10 risks
Cloud Armor provides predefined rules to help defend
against attacks such as cross-site scripting (XSS) and
SQL injection (SQLi).
Managed protection
With the Cloud Armor Managed Protection Plus tier, you
get access to DDoS and WAF services, curated rule sets,
and other services for a predictable monthly price.
Key features
Adaptive protection
Automatically detect and help mitigate high volume Layer
7 DDoS attacks with an ML system trained locally on your
applications.
Support for hybrid and multicloud deployments
Help defend applications from DDoS or web attacks and
enforce Layer 7 security policies whether your application
is deployed on Google Cloud or in a hybrid or multicloud
architecture.
Pre-configured WAF rules
Out-of-the-box rules based on industry standards to
mitigate against common web-application vulnerabilities
and help provide protection from the OWASP Top 10. Learn
more in our WAF rules guide.
Bot management
Provides automated protection for your apps from bots and
helps stop fraud in line and at the edge through native
integration with reCAPTCHA Enterprise.
Rate limiting
Rate-based rules help you protect your applications from
a large volume of requests that flood your instances and
block access for legitimate users.
Documentation
Cloud Armor overview
Learn how Cloud Armor works
and see an overview of Cloud Armor features and
capabilities.
Hands-on lab: HTTP load balancer with Cloud Armor
Learn how to configure an
HTTP load balancer with global back ends, stress test
the load balancer, and denylist the stress test
IP.
Cloud Armor security policy overview
Use Google Cloud Armor
security policies to help protect your load-balanced
applications from distributed denial of service (DDoS)
and other web-based attacks.
Managed protection
Managed protection is an
application protection service that helps protect your
web applications and services from DDoS attacks and
other threats from the internet.
Bot management
Provides effective
management of automated clients' requests towards your
back ends through native integration with reCAPTCHA
Enterprise.
Rate limiting
Rate-based rules help you
protect your applications from a large volume of
requests that flood your instances and block access
for legitimate users.
Configuring Google Cloud Armor security policies
Use these instructions to
filter incoming traffic to HTTP(S) load balancing by
creating Google Cloud Armor security policies.
Configuring Google Cloud Armor through GKE Ingress
Learn how to use a
BackendConfig custom resource to configure Google
Cloud Armor in Google Kubernetes Engine (GKE).
Tuning Google Cloud Armor WAF rules
Preconfigured web
application firewall (WAF) rules with dozens of
signatures that are compiled from open source industry
standards.
All features
| Feature | Description |
|---|---|
| Pre-defined WAF rules to mitigate OWASP Top 10 risks | Out-of-the-box rules based on industry standards to mitigate against common web-application vulnerabilities and help provide protection from the OWASP Top 10. |
| Rich rules language for web application firewall | Create custom rules using any combination of L3–L7 parameters and geolocation to help protect your deployment with a flexible rules language. |
| Visibility and monitoring | Easily monitor all of the metrics associated with your security policies in the Cloud Monitoring dashboard. You can also view suspicious application traffic patterns from Cloud Armor directly in the Security Command Center dashboard. |
| Logging | Get visibility into Cloud Armor decisions as well as the implicated policies and rules on a per-request basis via Cloud Logging. |
| Preview mode | Deploy Cloud Armor rules in preview mode to understand rule efficacy and impact on production traffic before enabling active enforcement. |
| Policy framework with rules | Configure one or more security policies with a hierarchy of rules. Apply a policy at varying levels of granularity to one or many workloads. |
| IP-based and geo-based access control | Filter your incoming traffic based on IPv4 and IPv6 addresses or CIDRs. Identify and enforce access control based on geographic location of incoming traffic. |
| Support for hybrid and multicloud deployments | Help defend applications from DDoS or web attacks and enforce Layer 7 security policies whether your application is deployed on Google Cloud or in a hybrid or multicloud architecture. |
| Named IP Lists | Allow or deny traffic through a Cloud Armor security policy based on a curated Named IP List. |
Pricing
Cloud Armor Standard provides a pay-as-you-go model,
measuring and charging for security policies and rules
within that policy, as well as for well-formed L7 requests
that are evaluated by a security policy.
Managed Protection Plus, now Generally Available, offers
a subscription-based pricing model starting at
US$3,000 per month for the first 100 protected resources and
then $30 per additional protected resource per month.
| Cloud Armor | Standard | Managed Protection Plus | Notes |
|---|---|---|---|
| Billing | Pay as you go | Starting at $3,000/month | - |
| Protected resources | None | Includes first 100 ($30/month for additional protected resources) | Protected resources include backend services and backend buckets |
| Rules | $1 / month | Included in subscription | - |
| Policy | $5 / month | Included in subscription | - |
| Requests | $0.75 / million queries | Included in subscription | - |
| Data processing fee | None | Additional (details) | - |
| Term | None | 1 year | - |
If a backend service has a Cloud Armor policy, you can use the
user-defined request headers feature with that service at no
additional charge.
If you pay in a currency other than USD, the prices listed in
your currency on Google Cloud SKUs apply.
A product or feature listed on this page is in preview. Learn
more about product launch stages.
