
Before you begin
- Labs create a Google Cloud project and resources for a fixed time
- Labs have a time limit and no pause feature. If you end the lab, you'll have to restart from the beginning.
- On the top left of your screen, click Start lab to begin
Create a VM to test access to the load balancer
/ 50
Create a security policy with Google Cloud Armor
/ 50
Application Load balancing (HTTP/HTTPS) is implemented at the edge of Google's network in Google's points of presence (POP) around the world. User traffic directed to an Application Load Balancer enters the POP closest to the user and is then load balanced over Google's global network to the closest backend that has sufficient capacity available.
Google Cloud Armor IP blocklists/allowlists enable you to restrict or allow access to your Application Load Balancer at the edge of the Google Cloud, as close as possible to the user and to malicious traffic. This prevents malicious users or traffic from consuming resources or entering your virtual private cloud (VPC) networks.
In this lab, you will verify that an Application Load Balancer with global backends is deployed. This load balancer is automatically provisioned for you during startup. You will then create a VM to test access to the load balancer. Finally, you will stress test the load balancer and blocklist the stress test IP with Google Cloud Armor.
In this lab, you will learn how to perform the following tasks:
For each lab, you get a new Google Cloud project and set of resources for a fixed time at no cost.
Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is the Lab Details panel with the following:
Click Open Google Cloud console (or right-click and select Open Link in Incognito Window if you are running the Chrome browser).
The lab spins up resources, and then opens another tab that shows the Sign in page.
Tip: Arrange the tabs in separate windows, side-by-side.
If necessary, copy the Username below and paste it into the Sign in dialog.
You can also find the Username in the Lab Details panel.
Click Next.
Copy the Password below and paste it into the Welcome dialog.
You can also find the Password in the Lab Details panel.
Click Next.
Click through the subsequent pages:
After a few moments, the Google Cloud console opens in this tab.
In this task, you verify that the global Application Load Balancer is deployed. The Application Load Balancer is automatically created when you start the lab. This will be used for a simple web application. This application is deployed to demonstrate the capabilities of Google Cloud Armor.
On the Google Cloud console title bar, click Activate Cloud Shell (). If prompted, click Continue, and then click Authorize.
Verify that the load balancer is deployed and registered by executing the following command:
Keep track of this IP address. It will also be used in a later section.
http://{IP_ADDRESS}
.Replace {IP_ADDRESS}
with the IP address of the load balancer. Do not include the curly braces when you are asked to provide the IP address.
If you get a message that the IP address doesn't support a secure connection, click Continue to site.
Keep refreshing the page until you see a page with a message similar to this:
curl
command to access the IP address:The responses will be from backends that have been created in different zones.
In the Google Cloud console, in the Navigation menu (), click Compute Engine > VM instances.
Click Create instance.
On the Machine configuration page, enter the following values:
Field | Value (type or select) |
---|---|
Name | access-test |
Region | |
Zone |
Leave everything else at the default and click Create.
Once launched, click the SSH button to connect to the instance.
Run the following command on the instance to access the load balancer:
The output should look similar to:
Click Check my progress to verify the objective.
Property |
Value |
Mode |
Basic mode (IP addresses/ranges only) |
Match |
Enter the External IP of the access-test VM |
Action |
Deny |
Response code |
404 (Not Found) |
Priority |
1000 |
Wait for the policy to be created before moving to the next step.
curl
command again on the instance to access the load balancer:The output should look as follows.
Output:
Click Check my progress to verify the objective.
In this lab, you have done the following:
If you are interested in progressing your knowledge on Cloud Armor, take the following course:
When you have completed your lab, click End Lab. Google Cloud Skills Boost removes the resources you’ve used and cleans the account for you.
You will be given an opportunity to rate the lab experience. Select the applicable number of stars, type a comment, and then click Submit.
The number of stars indicates the following:
You can close the dialog box if you don't want to provide feedback.
For feedback, suggestions, or corrections, please use the Support tab.
Copyright 2025 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.
This content is not currently available
We will notify you via email when it becomes available
Great!
We will contact you via email if it becomes available
One lab at a time
Confirm to end all existing labs and start this one