IP deny list/allow list (Cloud Armor)

Single tenant/Exclusive Instance required

To block incoming traffic based on IP addresses and ranges we use Google Cloud Armor, an IP allow/deny list feature.

Cloud Armor allows you to restrict or allow access to HTTP(S) load balancer at the edge of the Google Cloud preventing malicious traffic from consuming resources and entering your virtual private cloud (VPC) networks. You can also use it to control access based on IPv4 and IPv6 addresses or CIDRs and to restrict the ability of different IPs to log in to Bloomreach Engagement.

A good practice is that this list has less than 10 IPs, as more IPs increase the risk. The client can restrict traffic from up to 10 IP addresses per instance (quota).

Google Cloud Armor also provides DDoS protection.