Cloud Armour
Implement GCP Cloud Armour in DuploCloud
Last updated
Implement GCP Cloud Armour in DuploCloud
Last updated
© DuploCloud, Inc. All rights reserved. DuploCloud trademarks used herein are registered trademarks of DuploCloud and affiliates
GCP Cloud Armour helps protect your applications and websites against denial of service, web breaches, and cyber-attacks.
Use DuploCloud to activate your GCP Cloud Armour software and monitor your cloud infrastructures and deployed services and applications.
Before you can use DuploCloud with Cloud Armour, define a Security Policy in the DuploCloud Plan that supports your DuploCloud Infrastructure.
In the DuploCloud Portal, navigate to Administrator -> Plan. The Plans page displays.
From the Name column, select the Plan that corresponds to your Infrastructure. When you create a DuploCloud Infrastructure, a Plan is created with the same name.
Click the Security Policy tab.
Click Add. The Add Security Policy pane displays.
In the Name field, enter an appropriate name for the Security Policy. This is the name used in the DuploCloud portal. It is convenient to keep it the same as the Security Policy ID, but not required.
In the Security Policy ID field, enter the name of your GCP Cloud Armour Security Policy. This is the name used in the GCP console.
Click Create. The Security Policy that you specified is displayed in the Security Policy tab.
Now that the Cloud Armour Security Policy has been defined in your DuploCloud Plan, add the policy to a Load Balancer so that it can monitor network traffic.
In the DuploCloud Portal, navigate to Kubernetes -> Services or Docker -> Services.
Select the Service to which your Load Balancer is attached.
Click the Load Balancer tab.
In the Other Settings card, click Edit. The Other Load Balancer Settings pane displays.
From the Security Policy list box, select the Security Policy you added in the previous step.
Select the Enable HTTP to HTTPS Redirect option.
Select Enable Access Logs to view rule evaluations.
In the Idle Timeout field, enter the number of minutes for timeout, in seconds.
Click Save.
The Security Policy displays in the Load Balancer's Other Settings card.
To change your Cloud Armour configuration to use a different security policy, edit the Security Policy in the DuploCloud Plan.
In the DuploCloud Portal, navigate to Administrator -> Plans. The Plans page displays.
From the Name column, select the Plan that corresponds to your Infrastructure.
Click the Security Policy tab.
Modify the Security Policy Name and the Security Policy ID as appropriate.
Click Update. The changes are saved and displayed in the Security Policy tab.
Logs will only be visible if you Enable Access Logs in the Load Balancer's Other Settings card.
To view Cloud Armor Security Policy logs:
Locate the Security Policy in the GCP Console.
Click the Logs tab.
Click the View policy logs link on the Logs tab to view logs of the policy's rule evaluations.
In the row listing your security policy, click the Edit Icon ( ) to change the Security Policy ID. The Update Security Policy pane displays.