

# Create a network interface endpoint for Verified Access
<a name="create-network-interface-endpoint"></a>

Use the following procedure to create a network interface endpoint.

**Requirements**
+ Only IPv4 traffic is supported.
+ The network interface must belong to the same virtual private cloud (VPC) as the security groups.
+ Verified Access forwards traffic to the private IP address of the network interface.
+ Before you create a Verified Access endpoint, you must create a Verified Access group. For more information, see [Create a Verified Access group](create-verified-access-group.md#create-group).
+ You must provide a domain name for your application. This is the public DNS name that your users use to access your application. You must also provide a public SSL/TLS certificate with a CN that matches this domain name. You can create or import the certificate using AWS Certificate Manager.

**To create a network interface endpoint using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Verified Access endpoints**.

1. Choose **Create Verified Access endpoint**.

1. (Optional) For **Name tag** and **Description**, enter a name and description for the endpoint.

1. For **Verified Access group**, choose a Verified Access group.

1. For **Endpoint details**, do the following:

   1. For **Protocol**, choose a protocol.

   1. For **Attachment type**, choose **VPC**.

   1. For **Endpoint type**, choose **Network interface**.

   1. (HTTP/HTTPS) For **Port**, enter the port number. (TCP) For **Port ranges**, enter a port range and choose **Add port**.

   1. For **Network interface**, choose a network interface.

   1. For **Security groups**, choose the security groups for the endpoint. These security groups control the inbound and outbound traffic for the Verified Access endpoint.

   1. For **Endpoint domain prefix**, enter a custom identifier to prepend to the DNS name that Verified Access generates for the endpoint.

1. (HTTP/HTTPS) For **Application details**, do the following:

   1. For **Application domain**, enter a DNS name for your application.

   1. Under **Domain certificate ARN**, choose a public TLS certificate.

1. (Optional) For **Policy definition**, enter a Verified Access policy for the endpoint.

1. (Optional) To add a tag, choose **Add new tag** and enter the tag key and the tag value.

1. Choose **Create Verified Access endpoint**.

**To create a Verified Access endpoint using the AWS CLI**  
Use the [create-verified-access-endpoint](https://docs.aws.amazon.com/cli/latest/reference/ec2/create-verified-access-endpoint.html) command.
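
The following wrapper is an added example, not part of the original AWS page. It covers the HTTP/HTTPS case of the console procedure above, checks the inputs, and then runs `create-verified-access-endpoint`. The function name `create_eni_endpoint`, the `DRY_RUN` switch, and the positional argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the AWS page). Builds the CLI call for an HTTP/HTTPS
# network interface endpoint after checking the inputs the procedure asks for.
# Usage: create_eni_endpoint GROUP_ID ENI_ID SG_ID PROTOCOL PORT PREFIX APP_DOMAIN CERT_ARN
# Set DRY_RUN=1 to print the command instead of calling AWS.
create_eni_endpoint() {
  [ "$#" -eq 8 ] || { echo "error: expected 8 arguments, got $#" >&2; return 2; }
  group_id=$1 eni_id=$2 sg_id=$3 protocol=$4 port=$5
  prefix=$6 app_domain=$7 cert_arn=$8

  # This example covers the HTTP/HTTPS branch only (single port, domain, certificate).
  case $protocol in
    http|https) ;;
    *) echo "error: protocol must be http or https" >&2; return 2 ;;
  esac
  case $port in
    ''|*[!0-9]*) echo "error: port must be numeric" >&2; return 2 ;;
  esac
  { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
    { echo "error: port out of range" >&2; return 2; }
  case $eni_id in
    eni-*) ;;
    *) echo "error: '$eni_id' is not a network interface ID" >&2; return 2 ;;
  esac
  # The certificate comes from AWS Certificate Manager, so expect an ACM ARN.
  case $cert_arn in
    arn:*:acm:*:certificate/*) ;;
    *) echo "error: certificate must be an ACM certificate ARN" >&2; return 2 ;;
  esac

  # Attachment type VPC and endpoint type network interface, as in the console steps.
  set -- aws ec2 create-verified-access-endpoint \
    --verified-access-group-id "$group_id" \
    --endpoint-type network-interface \
    --attachment-type vpc \
    --network-interface-options "NetworkInterfaceId=$eni_id,Protocol=$protocol,Port=$port" \
    --security-group-ids "$sg_id" \
    --endpoint-domain-prefix "$prefix" \
    --application-domain "$app_domain" \
    --domain-certificate-arn "$cert_arn"

  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}
```

The wrapper does not verify that the network interface and the security groups belong to the same VPC; confirm that requirement before you run it without `DRY_RUN=1`.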