Create a load balancer endpoint for Verified Access - AWS Verified Access

Create a load balancer endpoint for Verified Access

Use the following procedure to create a load balancer endpoint. For more information about load balancers, see the Elastic Load Balancing User Guide.

Requirements

  • Only IPv4 traffic is supported.

  • Only the HTTP and HTTPS protocols are supported.

  • The load balancer must be either an Application Load Balancer or a Network Load Balancer, and it must be an internal load balancer.

  • The load balancer and subnets must belong to the same virtual private cloud (VPC).

  • HTTPS load balancers can use either self-signed or public TLS certificates.

  • You must provide a domain name for your application. This is the public DNS name your users will use to access your application. You will also need to provide a public SSL certificate with a CN that matches this domain name. You can create or import the certificate using AWS Certificate Manager.

To create a load balancer endpoint

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Verified Access endpoints.

  3. Choose Create Verified Access endpoint.

  4. (Optional) For Name tag and Description, enter a name and description for the endpoint.

  5. For Verified Access group, choose a Verified Access group for the endpoint.

  6. For Application details, do the following:

    1. For Application domain, enter a DNS name for your application.

    2. Under Domain certificate ARN, choose the public TLS certificate.

  7. For Endpoint details, do the following:

    1. For Attachment type, choose VPC.

    2. For Security groups, choose the security groups for the endpoint. Traffic from the Verified Access endpoint that enters your load balancer will be associated with this security group.

    3. For Endpoint domain prefix, enter a custom identifier to prepend to the DNS name that Verified Access generates for the endpoint.

    4. For Endpoint type, choose Load balancer.

    5. For Protocol, choose HTTPS or HTTP.

    6. Under Port, enter the port number.

    7. For Load balancer ARN, choose the load balancer.

    8. For Subnets, choose the subnets for your load balancer.

  8. (Optional) For Policy definition, enter a Verified Access policy for the endpoint.

  9. (Optional) To add a tag, choose Add new tag and enter the tag key and the tag value.

  10. Choose Create Verified Access endpoint.