amazon-web-services google-cloud-platform ddos

Is Google Cloud Armor free with other Google Cloud products?


AWS has AWS Shield for free, and they seem pretty similar. Right now DDoS protection is the most important reason to go cloud for me, so this may be the deciding factor.


Solution

  • Cloud Armor is not free, you can check out its pricing here, and it's not integrated for free with other GCP products; by looking at the AWS documentation, it seems to be the equivalent of "AWS Shield Advanced".

    However, just by using the Google Cloud infrastructure, you are protected by the Google Frontend if you use HTTP(S) Load Balancing. This seems to be similar to what AWS offers on their "Shield Standard" tier, which seems to be the free tier as well.

    This document here contains more information about what measures you can take in GCP to mitigate and protect yourself from DDoS attacks.

    Perhaps the most relevant segments for your question are these:

    DDoS Protection by enabling Proxy-based Load Balancing

    When you enable HTTP(S) Load Balancing or SSL proxy Load Balancing, Google infrastructure mitigates and absorbs many Layer 4 and below attacks, such as SYN floods, IP fragment floods, port exhaustion, etc.

    [...]

    Protection by Google Frontend infrastructure

    With Google Cloud Global Load Balancing, the frontend infrastructure which terminates user traffic, automatically scales to absorb certain types of attacks (e.g., SYN floods) before they reach your compute instances

    So GCP Load Balancing protects you by default from common attacks, while Cloud Armor extends this by allowing you to create and set policies for more complex/targeted DDoS attacks on your services.