Google Cloud Armor API

The Google Cloud Armor API enables programmatic management of security policies, rules, and threat intelligence configurations to protect applications from DDoS attacks and web-based threats.

OpenAPI Specification

# OpenAPI 3.1 description of the Cloud Armor security-policy surface.
# Only the operations listed under `paths` are modelled: list/create/get/
# patch/delete on global security policies, plus addRule and removeRule.
openapi: 3.1.0
info:
  title: Google Cloud Armor API
  description: >-
    Provides programmatic access to manage security policies, rules, and threat
    intelligence configurations for protecting applications from DDoS attacks
    and web-based threats.
  version: v1
  contact:
    name: Google Cloud
    url: https://cloud.google.com/armor/docs
servers:
  # Single HTTPS server entry: security policies are addressed as resources
  # under /compute/v1 on compute.googleapis.com, so every path below is
  # relative to that base URL.
  - url: https://compute.googleapis.com/compute/v1
    description: Google Cloud Armor production endpoint
# Tags only group operations for documentation; they carry no access-control
# meaning. Policy-level and rule-level operations are tagged separately.
tags:
  - name: SecurityPolicies
    description: Manage security policies for Cloud Armor
  - name: SecurityPolicyRules
    description: Manage individual rules within security policies
# Every operation below documents only a '200' response. Error responses
# (authentication or authorization failures, validation errors) are not
# modelled, so generated clients get no typed error handling from this spec.
paths:
  # Collection endpoint for the security policies of one project.
  /projects/{project}/global/securityPolicies:
    get:
      operationId: listSecurityPolicies
      summary: Google Cloud Armor List security policies
      description: Retrieves the list of security policies available to the specified project.
      tags:
        - SecurityPolicies
      parameters:
        # `project` is an unconstrained string here (no pattern or length
        # limit); any format validation is left to the server.
        - name: project
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                # SecurityPolicyList embeds full SecurityPolicy objects,
                # including their `rules`, so a caller with list access can
                # read the complete rule set (source IP ranges, CEL
                # expressions, actions) of every policy returned.
                $ref: '#/components/schemas/SecurityPolicyList'
    post:
      operationId: createSecurityPolicy
      summary: Google Cloud Armor Create a security policy
      description: Creates a security policy in the specified project.
      tags:
        - SecurityPolicies
      parameters:
        - name: project
          in: path
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              # The SecurityPolicy schema declares no `required` properties,
              # so this spec accepts a body with no name and no rules.
              $ref: '#/components/schemas/SecurityPolicy'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                # The response is an Operation, not the created policy.
                # NOTE(review): presumably the operation must be polled to
                # completion before the policy can be assumed to exist;
                # confirm against the upstream API reference.
                $ref: '#/components/schemas/Operation'
  # Single-policy endpoint: read, patch and delete one named policy.
  # Both path parameters are unconstrained strings in this spec.
  /projects/{project}/global/securityPolicies/{securityPolicy}:
    get:
      operationId: getSecurityPolicy
      summary: Google Cloud Armor Get a security policy
      description: Returns the specified security policy resource.
      tags:
        - SecurityPolicies
      parameters:
        - name: project
          in: path
          required: true
          schema:
            type: string
        - name: securityPolicy
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                # Returns the full policy, including its rule list.
                $ref: '#/components/schemas/SecurityPolicy'
    patch:
      operationId: patchSecurityPolicy
      summary: Google Cloud Armor Update a security policy
      description: Patches the specified security policy with the data included in the request.
      tags:
        - SecurityPolicies
      parameters:
        - name: project
          in: path
          required: true
          schema:
            type: string
        - name: securityPolicy
          in: path
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              # The body reuses the full SecurityPolicy schema, which includes
              # `rules`. NOTE(review): upstream documentation appears to route
              # rule changes through the per-rule methods rather than patch;
              # this spec does not express such a restriction. Confirm before
              # relying on patch to change rules.
              $ref: '#/components/schemas/SecurityPolicy'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Operation'
    delete:
      # Removes the whole policy, and with it every rule it contains.
      # No request body and no confirmation parameter are defined.
      # NOTE(review): whether deletion is refused while the policy is still
      # attached to a backend is not described here; confirm upstream. As a
      # change to a protective control, this call is worth covering with
      # audit-log alerting.
      operationId: deleteSecurityPolicy
      summary: Google Cloud Armor Delete a security policy
      description: Deletes the specified security policy.
      tags:
        - SecurityPolicies
      parameters:
        - name: project
          in: path
          required: true
          schema:
            type: string
        - name: securityPolicy
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Operation'
  # Custom method: appends one rule to an existing policy.
  /projects/{project}/global/securityPolicies/{securityPolicy}/addRule:
    post:
      operationId: addSecurityPolicyRule
      summary: Google Cloud Armor Add a rule to a security policy
      description: Adds a rule to the specified security policy.
      tags:
        - SecurityPolicyRules
      parameters:
        - name: project
          in: path
          required: true
          schema:
            type: string
        - name: securityPolicy
          in: path
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              # SecurityPolicyRule marks no property as required, so a client
              # generated from this spec will not reject a rule that lacks
              # `priority`, `match` or `action`. Validate these before
              # sending: an `allow` rule with a low priority number takes
              # precedence over deny rules with higher numbers.
              $ref: '#/components/schemas/SecurityPolicyRule'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                # Returns an Operation, not the resulting rule or policy.
                $ref: '#/components/schemas/Operation'
  # Custom method: removes one rule from an existing policy. It is a POST
  # with no request body; the rule is selected purely by query parameter.
  /projects/{project}/global/securityPolicies/{securityPolicy}/removeRule:
    post:
      operationId: removeSecurityPolicyRule
      summary: Google Cloud Armor Remove a rule from a security policy
      description: Removes a rule from the specified security policy.
      tags:
        - SecurityPolicyRules
      parameters:
        - name: project
          in: path
          required: true
          schema:
            type: string
        - name: securityPolicy
          in: path
          required: true
          schema:
            type: string
        # The priority value is the only identifier of the rule to remove.
        # No minimum, maximum or format is declared for it here.
        # NOTE(review): removing a deny rule presumably widens exposure as
        # soon as the returned operation completes; callers should read the
        # rule back first to confirm the priority refers to the intended
        # rule.
        - name: priority
          in: query
          required: true
          schema:
            type: integer
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Operation'
components:
  schemas:
    # A security policy: metadata plus an array of rules.
    # No `required` list is declared, so every property is optional as far
    # as schema validation is concerned.
    SecurityPolicy:
      type: object
      properties:
        # `id` and `selfLink` read as server-assigned values, but neither is
        # marked readOnly, so this schema also accepts them in create and
        # patch request bodies.
        id:
          type: string
          description: Unique identifier for the resource
        name:
          type: string
          description: Name of the security policy
        description:
          type: string
          description: An optional description of the security policy
        rules:
          type: array
          items:
            $ref: '#/components/schemas/SecurityPolicyRule'
          description: List of rules in this security policy
        # NOTE(review): this enum may be a subset of the policy types the
        # upstream API defines; confirm before using it for strict
        # validation of server responses.
        type:
          type: string
          enum:
            - CLOUD_ARMOR
            - CLOUD_ARMOR_EDGE
          description: The type of security policy
        selfLink:
          type: string
          description: Server-defined URL for the resource
    # One rule of a policy: a priority, a match condition and an action.
    # No property is marked required.
    SecurityPolicyRule:
      type: object
      properties:
        # Lower numbers win, per the description below. No minimum or maximum
        # is declared, so out-of-range values are not caught by this schema.
        priority:
          type: integer
          description: Priority of the rule (lower number = higher priority)
        description:
          type: string
          description: An optional description of the rule
        # Two ways to express a match are modelled: `versionedExpr` with
        # `config.srcIpRanges`, or a CEL `expr`.
        # NOTE(review): these look like alternatives, but the schema does not
        # enforce mutual exclusion (no oneOf); confirm how the server treats
        # a rule that sets both.
        match:
          type: object
          properties:
            versionedExpr:
              type: string
              enum:
                - SRC_IPS_V1
            config:
              type: object
              properties:
                # Plain strings with no format or pattern: range syntax is
                # not validated by this schema, so a malformed or overly
                # broad range is only caught, if at all, by the server.
                srcIpRanges:
                  type: array
                  items:
                    type: string
            expr:
              type: object
              properties:
                # Free-form string; the expression is not validated here.
                expression:
                  type: string
                  description: CEL expression for matching
        # NOTE(review): upstream may accept further actions (for example a
        # redirect action) that a strict validator built from this enum would
        # reject; confirm against the upstream API reference.
        action:
          type: string
          enum:
            - allow
            - deny(403)
            - deny(404)
            - deny(502)
            - throttle
            - rate_based_ban
          description: Action to take when the rule matches
        # NOTE(review): in preview mode the rule's action is presumably
        # evaluated and logged but not enforced. If so, a deny rule left with
        # `preview: true` blocks nothing; confirm upstream and check this
        # flag when auditing policies.
        preview:
          type: boolean
          description: Whether the rule is in preview mode
    # List wrapper returned by listSecurityPolicies. Only `items` is
    # modelled; no pagination token property appears in this schema.
    # NOTE(review): if the server pages results, a client built from this
    # spec would see only the first page; confirm before using the list for
    # a complete policy inventory.
    SecurityPolicyList:
      type: object
      properties:
        items:
          type: array
          items:
            $ref: '#/components/schemas/SecurityPolicy'
    # Result of every mutating call in this spec. `status` is a free-form
    # string (no enum) and no error or warning field is modelled, so a
    # failed operation cannot be told apart from a successful one by schema
    # alone.
    Operation:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        status:
          type: string
        targetLink:
          type: string
  # One scheme is declared: OAuth 2.0 with the authorization-code flow only.
  # No service-account or API-key scheme is modelled.
  securitySchemes:
    oauth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://accounts.google.com/o/oauth2/auth
          tokenUrl: https://oauth2.googleapis.com/token
          # Two scopes are declared. By its own description, cloud-platform
          # is the broader grant ("Full access"); the top-level `security`
          # requirement in this file asks only for the compute scope.
          # Prefer the narrower scope when requesting tokens.
          scopes:
            https://www.googleapis.com/auth/compute: Manage your Google Compute Engine resources
            https://www.googleapis.com/auth/cloud-platform: Full access to Google Cloud Platform resources
# Global requirement: no operation under `paths` overrides it, so the same
# scope is demanded for read-only calls (list, get) and for mutating calls
# (create, patch, delete, addRule, removeRule).
# NOTE(review): upstream may offer a narrower read-only scope suited to
# list/get-only callers; this spec gives no way to express that. Confirm.
security:
  - oauth2:
      - https://www.googleapis.com/auth/compute