I am curious about the legality of this. I guess I assumed that doing this type of thing would technically a DCMA type breech? So this makes me wonder if my assumption wrong? How does this work legally?
GCP's max instance count is helpful to a certain extent, but this doesn't completely protect you unless from DDOS attacks. If you have 3 nodes that can all handle 1000 requests per second, and those requests are doing something expensive the max instance limit doesn't help you.
Although I guess if you have 3 nodes that can only handle 100 requests each the damage of a DDOS would be much more limited.
I enjoyed Google's GCP for quite a long time until they removed the ability to cap expenses with a budget limit. (It used to be that if you hit your budget limit you can make your site error out). Now everyone on GCP is one DDOS away from a nightmare cloud bill. I'd rather use a traditional server and be able to sleep at night. I moved all my sites and client sites off GCP.
The most annoying part is that Googles infrastructure for cloud computing is so much better than the others if you're willing to work within their ecosystem. Simple deployments, version management, rollbacks, etc... There is nothing quite like it. (Im not saying there aren't competitors, just that Google seems easiest to use)