- Create a security group for the ALB
- Create a security group for you EC2 servers
- Create a launch template with preferred configuration (Use your previously created EC2 security group here).
- Create an auto-scaling group, while doing this create a load balancer and a target group. Use you previously created launch template.
- Edit your EC2 security group and allow HTTP and HTTPS traffic from the ALB security group
- Edit your ALB security group to allow HTTP and HTTPS traffic from the world (0.0.0.0/0), and allow outbound HTTP and HTTPS to yur EC2 security group only.
- Create a cloudfront distribution.
- The origin should be your recently created ALB
- Modify the following settings, the remaining settings can remain default.
Protocol - HTTPS ONLY
Viewer protocol policy -redirect HTTP to HTTPS
- Create distribution.
- It would take a couple minutes to propagate.