ZTNA agentless web-based application access for AWS FortiGate

I have my FortiGate in AWS version 7.6.2.  I am trying to setup  ZTNA Agentless web-based app and it looks like you need a new external IP where users connect for the web app.  My question is the Fortigate is in its own subnet in AWS so can I just use an IP thats in that subnet?  Do I need to allocate an ENI from AWS to this FortiGate?  If I allocate a new ENI do I need to do more on the Fortigate beyond creating the config firewall vip section that has the IP?