Re: Cloud Armor integration with Apigee Edge Cloud

tgp · 07-30-2023 09:30 PM

As our client is looking for an additional WAF security infront of Apigee Edge Public Cloud.
Hence, I like to know the feasibility to integrate GCP's Cloud Armor with Apigee Edge Public Cloud.
Please let me know the prerequisites to integrate Cloud Armor with Apigee Edge Public Cloud, if it is technically feasible.

Is it possible to consider this approach outlined in this doc.
https://cloud.google.com/armor/docs/integrating-cloud-armor#hybrid

TIA.

Bhusjfw

@tgp wrote:
As our client is looking for an additional WAF security infront of Apigee Edge Public Cloud.
Hence, I like to know the feasibility to integrate GCP's Cloud Armor with Apigee Edge Public Cloud. Mayo Clinic Portal
Please let me know the prerequisites to integrate Cloud Armor with Apigee Edge Public Cloud, if it is technically feasible.

Thank you for your inquiry. Integrating GCP's Cloud Armor with Apigee Edge Public Cloud is technically feasible. To integrate Cloud Armor with Apigee Edge, you will need to ensure that you have a GCP project with Cloud Armor enabled and the necessary APIs enabled in Apigee Edge. Additionally, you will need to configure the appropriate security policies and rules in Cloud Armor to protect your Apigee Edge deployment. Please let me know if you require any further information or assistance with this integration.

dknezic

You can use Cloud Armor with Apigee X natively since you will be exposing your Apigee X instance via a Google Cloud Load Balancer.

However for Edge, you cannot use the same approach. Maybe you could create a proxy instance group, to proxy traffic to Edge, and expose that proxy via a load balancer with cloud armor applied. Not the most elegant solution..