Create a network interface endpoint for Verified Access
Use the following procedure to create a network interface endpoint.
Requirements
- Only IPv4 traffic is supported.
- Only the HTTP and HTTPS protocols are supported.
- The network interface must belong to the same virtual private cloud (VPC) as the security groups.
- We use the private IP on the network interface to forward the traffic.
- You must provide a domain name for your application. This is the public DNS name your users will use to access your application. You will also need to provide a public SSL certificate with a CN that matches this domain name. You can create or import the certificate using AWS Certificate Manager.
To create a network interface endpoint
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- In the navigation pane, choose Verified Access endpoints.
- Choose Create Verified Access endpoint.
- (Optional) For Name tag and Description, enter a name and description for the endpoint.
- For Verified Access group, choose a Verified Access group for the endpoint.
- For Application details, do the following:
  - For Application domain, enter the DNS name for your application.
  - Under Domain certificate ARN, choose the public TLS certificate.
- For Endpoint details, do the following:
  - For Attachment type, choose VPC.
  - For Security groups, choose the security groups for the endpoint. Traffic from the Verified Access endpoint that enters your network interface will be associated with this security group.
  - For Endpoint domain prefix, enter a custom identifier to prepend to the DNS name that Verified Access generates for the endpoint.
  - For Endpoint type, choose Network interface.
  - For Protocol, choose HTTPS or HTTP.
  - Under Port, enter the port number.
  - For Network interface, choose the network interface.
- (Optional) For Policy definition, enter a Verified Access policy for the endpoint.
- (Optional) To add a tag, choose Add new tag and enter the tag key and the tag value.
- Choose Create Verified Access endpoint.
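The requirements above can be checked before the endpoint is created. The following is an added example, not part of the original procedure: it validates the inputs and builds the arguments for the boto3 call ec2.create_verified_access_endpoint. The function names, sample IDs, and the ARN are constructed, and the input dictionaries are assumed to have the shape of EC2 and ACM describe responses.

```python
import ipaddress

def cn_matches(cn, domain):
    """Standard TLS hostname match: exact, or '*.' covering one leading label."""
    cn, domain = cn.lower().rstrip("."), domain.lower().rstrip(".")
    if cn.startswith("*."):
        head, _, rest = domain.partition(".")
        return bool(head) and rest == cn[2:]
    return cn == domain

def preflight(eni, security_groups, cert, domain, protocol, port):
    """Return a list of requirement violations; an empty list means ready."""
    problems = []
    if protocol.lower() not in {"http", "https"}:
        problems.append(f"protocol {protocol!r} is not HTTP or HTTPS")
    if not 1 <= port <= 65535:
        problems.append(f"port {port} is out of range")
    try:  # traffic is forwarded to the interface's private IPv4 address
        ipaddress.IPv4Address(eni.get("PrivateIpAddress", ""))
    except ValueError:
        problems.append("network interface has no private IPv4 address")
    for sg in security_groups:  # interface and security groups share one VPC
        if sg["VpcId"] != eni["VpcId"]:
            problems.append(f"{sg['GroupId']} is in {sg['VpcId']}, not {eni['VpcId']}")
    if not cn_matches(cert["DomainName"], domain):
        problems.append(f"certificate CN {cert['DomainName']!r} does not match {domain!r}")
    return problems

def endpoint_request(group_id, eni, security_groups, cert, domain, prefix, protocol, port):
    """Build kwargs for ec2.create_verified_access_endpoint, or raise ValueError."""
    problems = preflight(eni, security_groups, cert, domain, protocol, port)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "VerifiedAccessGroupId": group_id,
        "EndpointType": "network-interface",
        "AttachmentType": "vpc",
        "DomainCertificateArn": cert["CertificateArn"],
        "ApplicationDomain": domain,
        "EndpointDomainPrefix": prefix,
        "SecurityGroupIds": [sg["GroupId"] for sg in security_groups],
        "NetworkInterfaceOptions": {"NetworkInterfaceId": eni["NetworkInterfaceId"],
                                    "Protocol": protocol.lower(), "Port": port},
    }

# Constructed sample data (not real resources).
SAMPLE_ENI = {"NetworkInterfaceId": "eni-0123456789abcdef0", "VpcId": "vpc-0aaa", "PrivateIpAddress": "10.0.1.25"}
SAMPLE_SGS = [{"GroupId": "sg-0bbb", "VpcId": "vpc-0aaa"}]
SAMPLE_CERT = {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE", "DomainName": "app.example.com"}
```

Pass the returned dictionary as keyword arguments to the client call only when preflight reports no problems.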