# Cloud Armour

GCP Cloud Armour helps protect your applications and websites against denial of service, web breaches, and cyber-attacks.

Use DuploCloud to activate your GCP Cloud Armour software and monitor your cloud infrastructures and deployed services and applications.

## Adding a Security Policy in the DuploCloud Plan

Before you can use DuploCloud with Cloud Armour, define a Security Policy in the DuploCloud Plan that supports your DuploCloud Infrastructure.

1. In the DuploCloud Portal, navigate to **Administrator** -> **Plan**. The **Plans** page displays.
2. From the Name column, select the Plan that corresponds to your Infrastructure. When you create a DuploCloud Infrastructure, a Plan is created with the same name.
3. Click the **Security Policy** tab.
4. Click **Add**. The **Add Security Policy** pane displays.<br>

   <div align="left"><figure><img src="/files/Otz9uqVzbXJDMsR0W4zu" alt=""><figcaption></figcaption></figure></div>
5. In the **Name** field, enter an appropriate name for the Security Policy. This is the name used in the DuploCloud portal. It is convenient to keep it the same as the **Security Policy ID**, but not required.
6. In the **Security Policy ID** field, enter the name of your GCP Cloud Armour Security Policy. This is the name used in the GCP console.
7. Click **Create**. The Security Policy that you specified is displayed in the **Security Policy** tab.<br>

   <div align="left"><figure><img src="/files/3AfslUOGlACBROIcIugn" alt=""><figcaption><p><strong>Security Policy</strong> tab on the DuploCloud <strong>Nonprod Plan</strong> page</p></figcaption></figure></div>

## Adding the Cloud Armour Security Policy to a Load Balancer

Now that the Cloud Armour Security Policy has been defined in your DuploCloud Plan, add the policy to a Load Balancer so that it can monitor network traffic.

1. In the DuploCloud Portal, navigate to **Kubernetes** -> **Services** or **Docker** -> **Services**.
2. Select the Service to which your Load Balancer is attached.
3. Click the **Load Balancer** tab.
4. In the **Other Settings** card, click **Edit**. The **Other Load Balancer Settings** pane displays.<br>

   <div align="left"><figure><img src="/files/XNPC8YyUGFyvOP8wzGyd" alt=""><figcaption><p><strong>Other Load Balancer Settings</strong> pane with <strong>Security Policy</strong> selected</p></figcaption></figure></div>
5. From the Security Policy list box, select the [Security Policy you added in the previous step](#adding-a-security-policy-in-the-duplocloud-plan).
6. Select the **Enable HTTP to HTTPS Redirect** option.
7. Select **Enable Access Logs** to view rule evaluations.
8. In the **Idle Timeout** field, enter the number of minutes for timeout, in seconds.
9. Click **Save**.

The Security Policy displays in the Load Balancer's Other Settings card.

<div align="left"><figure><img src="/files/3Wi9NjaakzvH21NRx9o1" alt=""><figcaption><p><strong>Other Settings</strong> card with <strong>Security Policy</strong> displayed</p></figcaption></figure></div>

## Modifying a Cloud Armour Configuration Security Policy

To change your Cloud Armour configuration to use a different security policy, edit the **Security Policy** in the DuploCloud [Plan](/docs/automation-platform/application-focused-interface-duplocloud-architecture/plan.md#duplocloud-plans).

1. In the DuploCloud Portal, navigate to **Administrator** -> **Plans**. The **Plans** page displays.
2. From the **Name** column, select the Plan that corresponds to your Infrastructure.
3. Click the **Security Policy** tab.<br>

   <div align="left"><figure><img src="/files/MfpXQnGRR3EysAAbf4yh" alt=""><figcaption><p>Plan <strong>Security Policy</strong> tab</p></figcaption></figure></div>
4. In the row listing your security policy, click the Edit Icon ( <img src="/files/4DFaxvVFdrIqoOXZicv8" alt="" data-size="line"> ) to change the Security Policy ID. The **Update Security Policy** pane displays.<br>

   <div align="left"><figure><img src="/files/oob6DOlqEs4GfBI1zrMU" alt=""><figcaption><p><strong>Update Security Policy</strong> pane</p></figcaption></figure></div>
5. Modify the Security Policy **Name** and the **Security Policy ID** as appropriate.
6. Click **Update**. The changes are saved and displayed in the **Security Policy** tab.

## Viewing Security Policy logs

Logs will only be visible if you **Enable Access Logs** in the Load Balancer's Other Settings card.

To view Cloud Armor Security Policy logs:

1. Locate the Security Policy in the GCP Console.
2. Click the **Logs** tab.
3. Click the **View policy logs** link on the Logs tab to view logs of the policy's rule evaluations.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.duplocloud.com/docs/automation-platform/overview-1/gcp-services/cloud-armour.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.