

# Create a load balancer endpoint for Verified Access
<a name="create-load-balancer-endpoint"></a>

Use the following procedure to create a load balancer endpoint for Verified Access. For more information about load balancers, see the [Elastic Load Balancing User Guide](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/).

**Requirements**
+ Only IPv4 traffic is supported.
+ Long-lived HTTPS connections, such as WebSocket connections, are supported only through TCP.
+ The load balancer must be either an Application Load Balancer or a Network Load Balancer, and it must be an internal load balancer.
+ The load balancer and subnets must belong to the same virtual private cloud (VPC).
+ HTTPS load balancers can use either self-signed or public TLS certificates. Use an RSA certificate with a key length of 1,024 or 2,048 bits.
+ Before you create a Verified Access endpoint, you must create a Verified Access group. For more information, see [Create a Verified Access group](create-verified-access-group.md#create-group).
+ You must provide a domain name for your application. This is the public DNS name your users will use to access your application. You will also need to provide a public SSL certificate with a CN that matches this domain name. You can create or import the certificate using AWS Certificate Manager.

**To create a load balancer endpoint using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Verified Access endpoints**.

1. Choose **Create Verified Access endpoint**.

1. (Optional) For **Name tag** and **Description**, enter a name and description for the endpoint.

1. For **Verified Access group**, choose a Verified Access group.

1. For **Endpoint details**, do the following:

   1. For **Protocol**, choose a protocol.

   1. For **Attachment type**, choose **VPC**.

   1. For **Endpoint type**, choose **Load balancer**.

   1. (HTTP/HTTPS) For **Port**, enter the port number. (TCP) For **Port ranges**, enter a port range and choose **Add port**.

   1. For **Load balancer ARN**, choose a load balancer.

   1. For **Subnet**, choose the subnets. You can specify only one subnet per Availability Zone.

   1. For **Security groups**, choose the security groups for the endpoint. These security groups control the inbound and outbound traffic for the Verified Access endpoint.

   1. For **Endpoint domain prefix**, enter a custom identifier to prepend to the DNS name that Verified Access generates for the endpoint.

1. (HTTP/HTTPS) For **Application details**, do the following:

   1. For **Application domain**, enter a DNS name for your application.

   1. Under **Domain certificate ARN**, choose a public TLS certificate.

1. (Optional) For **Policy definition**, enter a Verified Access policy for the endpoint.

1. (Optional) To add a tag, choose **Add new tag** and enter the tag key and the tag value.

1. Choose **Create Verified Access endpoint**.

**To create a Verified Access endpoint using the AWS CLI**  
Use the [create-verified-access-endpoint](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-verified-access-endpoint.html) command.
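
The following is an added example, not AWS's own code: a Python preflight that checks a load balancer and the chosen subnets against the requirements on this page, then builds the arguments for boto3's `create_verified_access_endpoint` for an HTTPS endpoint. The function names, IDs, ARNs and sample records are constructed placeholders; the input dicts are assumed to have the shape of `describe_load_balancers` and `describe_subnets` responses.

```python
# Added example: requirement checks run over constructed API-shaped records.
# Every ID and ARN below is a placeholder, not a real resource.

def preflight(lb, subnets):
    """Return a list of requirement violations; an empty list means OK."""
    problems = []
    if lb["Type"] not in ("application", "network"):
        problems.append(f"load balancer type {lb['Type']!r} is not ALB or NLB")
    if lb["Scheme"] != "internal":
        problems.append(f"scheme is {lb['Scheme']!r}, must be internal")
    seen_az = {}
    for s in subnets:
        if s["VpcId"] != lb["VpcId"]:  # load balancer and subnets share one VPC
            problems.append(f"{s['SubnetId']} is in {s['VpcId']}, not {lb['VpcId']}")
        az = s["AvailabilityZone"]
        if az in seen_az:  # only one subnet per Availability Zone
            problems.append(f"{s['SubnetId']} and {seen_az[az]} are both in {az}")
        seen_az.setdefault(az, s["SubnetId"])
    return problems

def endpoint_params(group_id, lb, subnets, sg_ids, domain, cert_arn, prefix, port=443):
    """Build keyword arguments for the EC2 create_verified_access_endpoint call."""
    problems = preflight(lb, subnets)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "VerifiedAccessGroupId": group_id,
        "EndpointType": "load-balancer",
        "AttachmentType": "vpc",
        "ApplicationDomain": domain,
        "DomainCertificateArn": cert_arn,
        "EndpointDomainPrefix": prefix,
        "SecurityGroupIds": list(sg_ids),
        "LoadBalancerOptions": {
            "Protocol": "https",
            "Port": port,
            "LoadBalancerArn": lb["LoadBalancerArn"],
            "SubnetIds": [s["SubnetId"] for s in subnets],
        },
    }

# Constructed sample data.
SAMPLE_LB = {
    "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/example/0123456789abcdef",
    "Type": "application", "Scheme": "internal", "VpcId": "vpc-EXAMPLE1"}
SAMPLE_SUBNETS = [{"SubnetId": f"subnet-EXAMPLE{z.upper()}", "VpcId": "vpc-EXAMPLE1",
                   "AvailabilityZone": f"us-east-1{z}"} for z in "ab"]
```

With real describe output in place of the samples, pass the result as `ec2.create_verified_access_endpoint(**params)`; the same fields correspond to the CLI command's `--load-balancer-options` and related options.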