
How to use Cloud Armor with GAE Flex?

I wonder if it is possible to use Cloud Armor with GAE Flex? Because in Cloud Armor's documentation, it says that you have to use an HTTPS Load Balancer. Since GAE Flex doesn't have a load balancer, how can we use Cloud Armor with GAE Flex? We have to use a WAF to prevent DDoS attacks. Is it possible to use Cloud Armor with GAE Flex through HTTPS Load Balancer? If so, can you explain how I can achieve this goal?

Thank you.

Cihat Kisa asked May 27 '20 17:05



1 Answer

As per document 1 the only backends supported by HTTP(S) Load Balancer are: MIG, IG, NEGs and storage buckets. Hence, it's not possible to use App Engine Flex with the HTTP(S) Load Balancer.

An HTTP load balancer can only be used for Managed Instance Groups, Instance Groups, Network Endpoint Groups, and Storage Buckets. So you won’t be able to use an HTTP load balancer with App Engine Flex.

However, there are many other options for securing an App Engine application. You can use an App Engine Firewall 2 rule to keep out all traffic except a single service 3 . App Engine also sits behind the Google front-end, which absorbs many basic attacks like SYN floods, IP fragment floods, or port exhaustion. I’m also sending you a document on our best practices for preventing DDoS attacks 4.

Sohail Alvi answered Sep 29 '22 06:09
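
The answer above suggests an App Engine firewall rule that keeps out everything except one caller. The sketch below is an added example, not part of the original answer or Google's code: it models how such a rule set is evaluated (lowest priority number first, first match wins, built-in default rule at priority 2147483647) so an allowlist can be checked before it is applied. The address ranges and the `evaluate`/`audit` helpers are constructed for illustration.

```python
import ipaddress

DEFAULT_PRIORITY = 2147483647  # priority of App Engine's built-in default rule


def evaluate(rules, source_ip):
    """Return (action, priority) of the first rule matching source_ip.

    rules: list of (priority, action, source_range); source_range is a CIDR
    string or "*" for any address. The lowest priority number is checked first.
    """
    addr = ipaddress.ip_address(source_ip)
    for priority, action, source_range in sorted(rules):
        if source_range == "*":
            return action, priority
        net = ipaddress.ip_network(source_range, strict=False)
        if addr.version == net.version and addr in net:
            return action, priority
    raise ValueError("rule set has no default rule")


def audit(rules):
    """Return problems a reviewer would flag before applying the rule set."""
    problems = []
    priorities = [p for p, _, _ in rules]
    if len(set(priorities)) != len(priorities):
        problems.append("duplicate priority")
    default = [r for r in rules if r[0] == DEFAULT_PRIORITY]
    if not default:
        problems.append("missing default rule")
    elif default[0][1] != "deny":
        problems.append("default rule allows all unmatched traffic")
    for p, action, rng in rules:
        # An allow-all rule above the default defeats the allowlist entirely.
        if p != DEFAULT_PRIORITY and action == "allow" and rng in ("*", "0.0.0.0/0", "::/0"):
            problems.append(f"rule {p} allows every source")
    return problems


# Constructed rule set: one caller range is allowed, everything else is denied.
RULES = [
    (100, "allow", "203.0.113.0/24"),    # constructed: the single permitted caller
    (200, "deny", "203.0.113.66/32"),    # shadowed by rule 100, never reached
    (DEFAULT_PRIORITY, "deny", "*"),     # default rule switched to deny
]
```

Note that rule 200 never takes effect because rule 100 matches the same address first; a deny meant to carve an exception out of an allowed range needs the lower priority number.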