Reputation: 2820
Google Cloud Armor: Cannot add targets using cloud armor
I configured a Cloud Armor policy however when I try to apply the policy to a new target the '+Add Target' button is disabled.
Upvotes: 4
Views: 3059
Answers (1)
Reputation: 134
I understand that you can't apply the policy to a new target. This should be related to your HTTP(S) Load Balancer, because Cloud Armor is used in conjunction with HTTP(S) Load balancer. See the below link for more details:
https://cloud.google.com/armor/docs/security-policy-concepts
Once you have a healthy load balancer, it should be available to be added to your cloud armor policy. Also, make sure that the Load balancer is not using CDN there are some limitations. Cloud Armor Security Policies and IP blacklist/whitelist are not supported for Cloud CDN in the Beta release. If you try to associate a Cloud Armor Security Policy for a backend service and Cloud CDN is enabled, the config will be rejected. Targets are Google Cloud Platform resources that you want to control access to. For the Beta release, you can only use non-CDN HTTP(S) load balancer backend services as targets.
Also, you can try to apply the policy using the gcloud command line tool, and check if it is working or not. See the link below for more insight on gcloud command line tool.
https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-armor-backendconfig
Upvotes: 1
Related Questions
- Use Cloud Armor with Cloud Run and avoid bypass
- Cloud Armor | allow multiple request paths in one line
- GCP Cloud armor Quota 'SECURITY_POLICY_RULES' exceeded. Limit: 0.0 globally error for Free tier account
- Adding google cloud armor to Terraform gke and kubernetes
- Gcloud command, can't specify "cloud-platform" scope when creating instance templates
- GCP How can we attach google armor with google NEG?
- How to use Cloud Armor with GAE Flex?
- Cannot create gcloud instance
- Unable to deploy a Cloud ML model
- Google Cloud Platform Add Instance To Managed Instance Group