How to prevent DDoS attack on Google Cloud Storage

Your question is more about budget control rather than DDOS attacks. Rest assured that Google will protect GCS serving infrastructure from any real DDOS threat, so you do not need to take any additional steps here.

If your concern is that someone may start draining your budget on purpose by bulk downloading your content, you should not make it public in the first place.

You can take different approaches to serve non-public content from GCS to your end-users. Just to get you started, check this out:

• GCS Access Control and GCS Signed URLs specifically
• Restricting files from Google Cloud Storage to the users that have authenticated with my Google App Engine app?
• Google Cloud Storage - Limit Access Token to Single Bucket