Create a load balancer endpoint for Verified Access
Use the following procedure to create a load balancer endpoint. For more information about load balancers, see the Elastic Load Balancing User Guide.
Requirements
- Only IPv4 traffic is supported.
- Only the HTTP and HTTPS protocols are supported.
- The load balancer must be either an Application Load Balancer or a Network Load Balancer, and it must be an internal load balancer.
- The load balancer and subnets must belong to the same virtual private cloud (VPC).
- HTTPS load balancers can use either self-signed or public TLS certificates.
- You must provide a domain name for your application. This is the public DNS name your users will use to access your application. You will also need to provide a public SSL certificate with a CN that matches this domain name. You can create or import the certificate using AWS Certificate Manager.
To create a load balancer endpoint
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- In the navigation pane, choose Verified Access endpoints.
- Choose Create Verified Access endpoint.
- (Optional) For Name tag and Description, enter a name and description for the endpoint.
- For Verified Access group, choose a Verified Access group for the endpoint.
- For Application details, do the following:
  - For Application domain, enter a DNS name for your application.
  - Under Domain certificate ARN, choose the public TLS certificate.
- For Endpoint details, do the following:
  - For Attachment type, choose VPC.
  - For Security groups, choose the security groups for the endpoint. Traffic from the Verified Access endpoint that enters your load balancer will be associated with this security group.
  - For Endpoint domain prefix, enter a custom identifier to prepend to the DNS name that Verified Access generates for the endpoint.
  - For Endpoint type, choose Load balancer.
  - For Protocol, choose HTTPS or HTTP.
  - Under Port, enter the port number.
  - For Load balancer ARN, choose the load balancer.
  - For Subnets, choose the subnets for your load balancer.
- (Optional) For Policy definition, enter a Verified Access policy for the endpoint.
- (Optional) To add a tag, choose Add new tag and enter the tag key and the tag value.
- Choose Create Verified Access endpoint.
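
The requirements and endpoint settings above, as an added Python example (not taken from the AWS documentation): it checks a load balancer and its subnets against the stated requirements, then builds the parameter set for the EC2 CreateVerifiedAccessEndpoint API. The function names are hypothetical, and every ARN and ID is a constructed placeholder.

```python
# Added example: pre-flight checks for a Verified Access load balancer endpoint.
# Input dicts mirror elbv2 describe-load-balancers / ec2 describe-subnets output.
ALLOWED_TYPES = {"application", "network"}   # ALB or NLB only
ALLOWED_PROTOCOLS = {"http", "https"}

def check_requirements(lb, subnets, protocol, port):
    """Return a list of requirement violations (an empty list means OK)."""
    problems = []
    if lb.get("Type") not in ALLOWED_TYPES:
        problems.append(f"load balancer type {lb.get('Type')!r} is not ALB or NLB")
    if lb.get("Scheme") != "internal":
        problems.append(f"scheme {lb.get('Scheme')!r} is not internal")
    for s in subnets:
        if s.get("VpcId") != lb.get("VpcId"):
            problems.append(f"subnet {s.get('SubnetId')} is outside {lb.get('VpcId')}")
    if protocol.lower() not in ALLOWED_PROTOCOLS:
        problems.append(f"protocol {protocol!r} is not HTTP or HTTPS")
    if not 1 <= port <= 65535:
        problems.append(f"port {port} is out of range")
    return problems

def build_request(group_id, domain, cert_arn, prefix, sg_ids, lb, subnets, protocol, port):
    """Build CreateVerifiedAccessEndpoint parameters; refuse on any violation."""
    problems = check_requirements(lb, subnets, protocol, port)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "VerifiedAccessGroupId": group_id,
        "EndpointType": "load-balancer",
        "AttachmentType": "vpc",
        "ApplicationDomain": domain,
        "DomainCertificateArn": cert_arn,
        "EndpointDomainPrefix": prefix,
        "SecurityGroupIds": sg_ids,
        "LoadBalancerOptions": {
            "Protocol": protocol.lower(),
            "Port": port,
            "LoadBalancerArn": lb["LoadBalancerArn"],
            "SubnetIds": [s["SubnetId"] for s in subnets],
        },
    }

# Constructed sample data (placeholders, not real resources).
GOOD_LB = {"LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:"
           "loadbalancer/app/example-internal/0123456789abcdef",
           "Type": "application", "Scheme": "internal", "VpcId": "vpc-0example"}
PUBLIC_LB = dict(GOOD_LB, Scheme="internet-facing")   # violates the internal-only rule
SUBNETS = [{"SubnetId": "subnet-0exampleA", "VpcId": "vpc-0example"},
           {"SubnetId": "subnet-0exampleB", "VpcId": "vpc-0example"}]
```

The dictionary returned by `build_request` can be passed as keyword arguments to boto3's `create_verified_access_endpoint` on an EC2 client.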