How to rate limit a firebase function with Cloud Armor
I have one cloud function (firebase function) which is public accessible and I would like to rate limit this function with the help of Google Cloud Armor.
However this does not seem like a trivial task as I thought, I could not find much documentation on setting up something like this.
This document illustrate exactly what I need but does not provide any guidance to set this up for a cloud function.
When I try to add a Cloud Armor Policy in the GCP console I even can not add a target
I am on the Standard (not Managed Protection Plus) Plan but I think this should be fine.
Cloud Armor is a WAF, Web Application Firewall to filter the traffic at the Application level of the OSI layers. It's not a rate limiter or authentication layer.
For that you need to add an API management layer that allow you to authenticate and rate limit the API. API Gateway can do that, but only based on an API key. If the user doesn't use API key, it's a common pool that is rate limited and a spammer can create an unavailability of the service by consuming all the quotas everytime.
APIGee is the other solution, but it's entreprise grade (with an entreprise grade billing plan).
Or, if it's for protecting your money, you can limit the number of function instances thanks to the great answer of Kunal Deo.
- Alternate of Authentication create trigger in 2nd Gen - Cloud Functions
- Defining memory for single firebase functions
- Separating Firebase Functions Into Self-Contained "Packages" (Not separate files - entirely separate packages)
- Flutter firebase cloud messaging bad request invalid arguments
- Google Cloud Platform Trace from Cloud Function Invocation to Cloud Run HttpRequest
- changing image repository from Container Registry to Artifact Registry
- Deploying firebase cloud fails because of some build errors
- Firebase Cloud Function - null user.displayName onCreate
- ERROR: (gcloud.beta.functions.deploy) ... message=[The caller does not have permission]
- Cloud function is not triggered by pub/sub topic
- Using asynchronous tasks and batch updates at the same time
- req.headers.split is not a function when getting token from header
- Service account with Workspace-authorized domain-wide delegation gets error "Not Authorized to access this resource/api" when running cloud function
- Firebase Cloud Function - Cannot find module 'firebase-functions/v2/auth'
- How to change admin.initializeApp when deploying different environments
- Google Cloud functions v2 eventarc - How to Track User Context for Deletions in Firebase Realtime Database
- Can't init firebase cloud storage due to cloud resource location
- Firestore exception occurred in retry method that was not classified as transient
- Stripe Error: No signatures found matching the expected signature for payload
- Pattern for handling deferred tasks in a GCP Cloud Function
- Cannot find module 'serviceAccountKey.json'
- Newly Created Firebase Functions Throwing UNAUTHENTICATED Error
- Google Cloud Functions error: "Cannot find module 'sharp'" but it's in my package.json
- Error: HTTP Error 400, The Request has errors. Firebase Firestore Cloud Functions
- "TypeError: functions.firestore.document is not a function in Firebase Cloud Functions"
- Unsupported type error in FirebaseFunctions iOS SDK
- Delete a Document with all Subcollections and Nested Subcollections in Firestore
- Swift Google Autocomplete API: "Internal Error, code: 403"
- Ionic3 Angularfire listen to firestore changes
- Deploying Keras model for prediction in Google Cloud Functions