Audits
Consulting
Case Studies
Team
Content
Store

Can I use Cloud Armor with Cloud Run?

Illustration of a person with a stylized haircut, wearing an armored suit with a scarf, pulling a sword from a cloud of smoke or mist. Illustration of a person with a stylized haircut, wearing an armored suit with a scarf, pulling a sword from a cloud of smoke or mist.

When you want to secure something in Google Cloud, the first tool you can utilize is Google Cloud Armor.

For instance, if we aim to secure our Cloud Run, we might say, "Okay, let's use Cloud Armor." However, there's an issue, as you can see. When you have the default URL connected to your Cloud Run and you're not employing a load balancer, nor are you using a backend, in this scenario, Cloud Armor can be bypassed. This is problematic because without security, you're left with two options:

  1. You could use a team layer, for example, Cloudflare, or

  2. You might say, "Okay, I want to use Cloud Armor," then you must place a load balancer in front of your Cloud Run and ensure you have a backend. That is when you can start to use Cloud Armor effectively. Cloud Armor is an excellent tool that helps to mitigate threats, such as Distributed Denial of Service (DDoS) attacks and SQL injection, among many others.

It even has a feature to automatically alert you if someone is attacking and instructs you on how to rectify those errors by automatically creating a new rule.

However, it comes with a significant issue: pricing. Why is pricing problematic? The cost for Google Cloud Armor is substantial. If you opt for the enterprise tier on a pay-as-you-go basis, you'll be paying €200 per month, plus additional expenses. The standard offering, which is the default, means you pay for everything you consume.

For instance, adaptive protection is only available in the enterprise tier. If you're on the standard plan, you can't access this pay-as-you-go service, meaning you miss out on the full capabilities of adaptive protection.

So then, you might think, "It’s €3,000 if I want everything," or at least a minimum of €200, but this can quickly add up to about €1,000 per month. And you might say, "Wow, I have to pay a lot."

Must I spend all this money to secure my cloud? The other option, as the documentation suggests, if you’re bypassing this issue, is to use Cloudflare. It works similarly and comes with numerous benefits.

The first benefit is the price. The basic tier is free, offering almost every feature. The pro tier, comparable to the €3,000 tier of Cloud Armor, is only €20. If you don't need 24/7 support, you can opt for this €20 plan, which is a significant difference depending on your payment level and the rules you require.

In the end, your environment will be secure. I love how Google Cloud and Cloud Armor function; indeed, Cloud Armor’s protection is fantastic. However, I think the pricing is a bit excessive—€3,000 per month is not feasible for every company, as it totals €36,000 annually.

Here's the same article in video form for your convenience: