Allow traffic that originates from your Verified Access endpoint - AWS Verified Access

You can configure the security groups for your applications so that they allow traffic that originates from your Verified Access endpoint. You do this by adding an inbound rule that specifies the security group for the endpoint as the source. We recommend that you remove any additional inbound rules, so that your application receives traffic only from your Verified Access endpoint.

We recommend that you keep your existing outbound rules.

To update the security group rules for your application
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Verified Access endpoints.

  3. Choose the Verified Access endpoint, find Security group IDs on the Details tab, and copy the ID of the security group for your endpoint.

  4. In the navigation pane, choose Security groups.

  5. Select the check box for the security group associated with your target, and then choose Actions, Edit inbound rules.

  6. To add a security group rule that allows traffic that originates from your Verified Access endpoint, do the following:

    1. Choose Add rule.

    2. For Type, choose All traffic or the specific traffic to allow.

    3. For Source, choose Custom and paste the ID of the security group for your endpoint.

  7. (Optional) To require that traffic originates only from your Verified Access endpoint, delete any other inbound security group rules.

  8. Choose Save rules.
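
To check the result of this procedure, the following added example (not part of the AWS documentation) audits an application's security group for inbound sources other than the endpoint's security group. It assumes input in the shape returned by `aws ec2 describe-security-groups`; the function name and all security group IDs are constructed for illustration.

```python
# Added example: audit an application security group against the guidance above.
# Input mirrors one SecurityGroups[n] object from `aws ec2 describe-security-groups`.
# All IDs below are constructed placeholders.

def audit_inbound(app_sg, endpoint_sg_id):
    """Return (allows_endpoint, extra_sources) for one security group.

    allows_endpoint: True if an inbound rule names the endpoint's SG as source.
    extra_sources:   every other inbound source (the rules step 7 would delete).
    """
    allows_endpoint = False
    extra = []
    for perm in app_sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" is how the EC2 API represents the console's "All traffic" type.
        if proto == "-1":
            scope = "all traffic"
        else:
            scope = f"{proto} {perm.get('FromPort')}-{perm.get('ToPort')}"
        # Security-group sources: only the endpoint's SG is expected.
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == endpoint_sg_id:
                allows_endpoint = True
            else:
                extra.append((scope, pair.get("GroupId")))
        # CIDR and prefix-list sources bypass the endpoint entirely.
        for key, field in (("IpRanges", "CidrIp"),
                           ("Ipv6Ranges", "CidrIpv6"),
                           ("PrefixListIds", "PrefixListId")):
            for src in perm.get(key, []):
                extra.append((scope, src.get(field)))
    return allows_endpoint, extra

ENDPOINT_SG = "sg-0aaaaaaaaaaaaaaaa"  # constructed: the Verified Access endpoint's SG
SAMPLE_APP_SG = {                     # constructed: application SG before cleanup
    "GroupId": "sg-0bbbbbbbbbbbbbbbb",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "UserIdGroupPairs": [{"GroupId": ENDPOINT_SG}],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": "sg-0cccccccccccccccc"}]},
    ],
}

if __name__ == "__main__":
    ok, extra = audit_inbound(SAMPLE_APP_SG, ENDPOINT_SG)
    print("endpoint SG allowed:", ok)
    for scope, src in extra:
        print("extra inbound source:", scope, src)
```

An empty `extra_sources` list together with `allows_endpoint` set to true means the application receives inbound traffic only from the Verified Access endpoint.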