GCP Cloud armor Quota 'SECURITY_POLICY_RULES' exceeded. Limit: 0.0 globally error for Free tier account

Question

I am getting below error when trying to create GCP Cloud Armor from terraform or Console.

│ Error: Error waiting for Creating SecurityPolicy "default-policy": Quota 'SECURITY_POLICY_RULES' exceeded.  Limit: 0.0 globally.

I am using a Free Tier account. I checked in Quota , I couldn't find Cloud armor. How can I make it work.

with security policies Quota , getting compute engine API service

with security policy api getting compute engine API service

And getting below message when I hover over both the services check box

Answer 1

May be you would be using the security rules that are coming from the "Managed Protection Plan" and that's why it's showing you out of quota. ( Assuming your account is fully activated )

Google Cloud Armor comes up in 2 plans :

1. Standard
2. Managed Protection Plan

As of their recent changes, you should be able to create the Armor Polices in Standard Mode for free.

But if you happen to create policies under "Armor Managed Protection Plan", this comes up with Licencing fee with google and not part of the free-tier.

You can check whether the policy that you created has the rules that falls under this "Threat Detection Category" or not

Ref: https://cloud.google.com/armor/docs/threat-intelligence

Thanks

Answer 2

For new accounts without payment history, Google restricts access to some services. Cloud Armor is one of those services.

The solution is either to wait until your account has paid several statements on time, or contact Google Cloud Sales to ask for an exception. In my experience, end users must wait, but businesses are approved.