Create and manage a Verified Access instance
You use a Verified Access instance to organize your trust providers and Verified Access groups. Use the following procedures to create a Verified Access instance, and then attach a trust provider to Verified Access or detach a trust provider from Verified Access.
Tasks
Create a Verified Access instance
Use the following procedure to create a Verified Access instance.
To create a Verified Access instance using the console
-
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
. -
In the navigation pane, choose Verified Access instances, and then Create Verified Access instance.
-
(Optional) For Name and Description, enter a name and description for the Verified Access instance.
-
(Network CIDR endpoints) For Custom subdomain for network CIDR endpoint, enter a custom subdomain.
-
(Optional) Choose Enable for Federal Information Process Standards (FIPS) if you require Verified Access to be FIPS compliant.
-
(Optional) For Verified Access trust provider, choose a trust provider to attach to the Verified Access instance.
-
(Optional) To add a tag, choose Add new tag and enter the tag key and the tag value.
-
Choose Create Verified Access instance.
To create a Verified Access instance using the AWS CLI
Use the create-verified-access-instance
Attach a trust provider to a Verified Access instance
Use the following procedure to attach a trust provider to a Verified Access instance.
To attach a trust provider to a Verified Access instance using the console
-
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
. -
In the navigation pane, choose Verified Access instances.
-
Select the instance.
-
Choose Actions, Attach Verified Access trust provider.
-
For Verified Access trust provider, choose a trust provider.
-
Choose Attach Verified Access trust provider.
To attach a trust provider to a Verified Access instance using the AWS CLI
Use the attach-verified-access-trust-provider
Detach a trust provider from a Verified Access instance
Use the following procedure to detach a trust provider from a Verified Access instance.
To detach a trust provider from a Verified Access instance using the console
-
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
. -
In the navigation pane, choose Verified Access instances.
-
Select the instance.
-
Choose Actions, Detach Verified Access trust provider.
-
For Verified Access trust provider, choose the trust provider.
-
Choose Detach Verified Access trust provider.
To detach a trust provider from a Verified Access instance using the AWS CLI
Use the detach-verified-access-trust-provider
Add a custom subdomain
Use the following procedure to add or update a custom subdomain. This subdomain is used only when you create a network CIDR endpoint.
To add a custom subdomain using the console
-
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
. -
In the navigation pane, choose Verified Access instances.
-
Select the instance.
-
Choose Actions, Modify Verified Access instance.
-
For Custom subdomain for network CIDR endpoint, enter a custom subdomain.
-
Choose Modify Verified Access instance.
-
Update the nameservers for your subdomain, entering the nameservers provided by Verified Access. This list is available under Nameservers on the Details tab for the instance.
To add a custom subdomain using the AWS CLI
Use the modify-verified-access-instance