Cloud Armor

Google Cloud Armor is a network security service that provides DDoS attack protection and Web Application Firewall (WAF) capabilities for applications deployed on GCP. It protects applications from web attacks and volumetric DDoS attacks.

Key Features:

1. DDoS protection - Always-on protection against L3/L4 volumetric DDoS attacks.

2. WAF rules - Pre-configured rules for OWASP Top 10 vulnerabilities (SQLi, XSS, etc.).

3. Adaptive protection - ML-based detection of application-layer DDoS attacks.

4. IP allowlist/denylist - Block or allow traffic based on IP addresses, IP ranges, regions, or ASNs.

5. Rate limiting - Throttle requests per client IP to prevent abuse.

The below example shows how to create a Cloud Armor security policy using gcloud.

It gives the following output,

Created security policy [my-security-policy].
Created rule [1000] - Block bad IP range.
Created rule [2000] - Block SQLi attacks.
Created rule [2001] - Block XSS attacks.
Updated backend service [my-backend].

Cloud Armor Tiers:

Standard - Always-on DDoS, IP allow/deny lists, and preconfigured WAF rules. Pay per policy and request.

Managed Protection Plus - Adds Adaptive Protection (ML-based L7 DDoS), threat intelligence, and named IP lists. Subscription-based pricing.