4

AWS has AWS Shield for free, and they seem pretty similar. Right now DDoS protection is the most important reason to go cloud for me, so this may be the deciding factor.

Rubén
  • 34,714
  • 9
  • 70
  • 166
A. Owl
  • 51
  • 1
  • 6
  • 1
    No, I'm afraid Cloud Armor isn't currently free no matter the GCP product the policies are applied to. Please see the [pricing](https://cloud.google.com/armor/pricing) documentation page if you haven't already. – Maxim Dec 27 '19 at 15:57
  • Shield is built into AWS, and is similar to the built-in protections Google Cloud also provides free of charge. Cloud Armor is more comparable to Shield Advanced, which is a paid service. – Travis Webb Dec 30 '19 at 06:40

1 Answers1

5

Cloud Armor is not free, you can check outs its pricing here, and it's not integrated for free with other GCP products; by looking at the AWS documentation, it seems to be the equivalent of "AWS Shield Advanced".

However, just by using the Google Cloud infraestructure, you are protected by the Google Frontend if you use HTTP(s) Load Balancing. This seems to be similar to what AWS offers on their "Shield Standard" tier, which seems to be the free tier as well.

This document here contains more information about what measures you can take in GCP to mitigate and protect yourself from DDoS attacks.

Perhaps the part more relevant segments for your question are these:

DDoS Protection by enabling Proxy-based Load Balancing

When you enable HTTP(S) Load Balancing or SSL proxy Load Balancing, Google infrastructure mitigates and absorbs many Layer 4 and below attacks, such as SYN floods, IP fragment floods, port exhaustion, etc.

[...]

Protection by Google Frontend infrastructure

With Google Cloud Global Load Balancing, the frontend infrastructure which terminates user traffic, automatically scales to absorb certain types of attacks (e.g., SYN floods) before they reach your compute instances

So GCP Load Balancing protects you by default from common attacks, while Cloud Armor extends this by allowing you to create and set policies for more complex/targeted DDoS attacks on your services.

Joan Grau Noël
  • 3,084
  • 12
  • 21
  • Do you need to buy multiple servers for load balancing, or is the protection applied when you just have one server? Also, does it matter if your application is not a website, rather a game server that does not use HTTP(S)? – A. Owl Dec 27 '19 at 17:29
  • @A.Owl - Yes, you can use only one backend server. There are many benefits to HTTP(S) Load Balancers including DDoS and CDN+Cloud Storage support. If your game server does not use HTTP(S), then you cannot use HTTP(S) Load Balancers. I would create a new question and not ask in a comment. – John Hanley Dec 27 '19 at 19:10
  • Ok, will ask a new question. Upvoting and marking your question as best answer. EDIT: I can't upvote because I'm too new. – A. Owl Dec 27 '19 at 22:13