I have a use case that requires creating policies to allow or block traffic based on a set of public IP addresses. From the GCP Cloud Armor console, I read that a single Cloud Armor policy only allows up to 10 IP CIDRs. The number of IP addresses ranges from 100 to 1000, making it impractical or inefficient to create policies manually to handle this. Does GCP have any provision similar to the IP set functionality in AWS WAF? If not, how can I implement this?

I am trying to implement rate limiting for GET and POST for the same API call. The only difference in both the request is extra ID we are passing with POST.