Default CloudFront Certificate

Hello. By default, CloudFront provides a free SSL/TLS certificate for the CloudFront URL (e.g., d12345abcd.cloudfront.net). This certificate only works for this domain and can't be used for any custom domains unless you provide your own certificate.

If you want to connect from CloudFront to ALB over HTTPS, your ALB needs its own SSL/TLS certificate. The CloudFront default certificate can't be used for this. Here are the general steps:

Request or Import an SSL Certificate: You can do this in the AWS Certificate Manager (ACM). If you don't have a domain yet, this could be a challenge. You might want to consider acquiring a domain or using a self-signed certificate for testing purposes (though browsers will flag this as insecure).

Attach the Certificate to the ALB: Once you have a certificate in ACM, you can assign it to an HTTPS listener on your ALB.

CloudFront to ALB Communication: CloudFront can communicate with your ALB over HTTP or HTTPS. If you're setting it up over HTTPS, ensure:

• ALB has an SSL certificate (as mentioned).
• In CloudFront's origin settings, choose HTTPS for the Origin Protocol Policy.

If you decide to use a custom domain with CloudFront later on, you will need to request or import another SSL certificate for that domain and assign it to the CloudFront distribution. The default CloudFront certificate won't cover custom domains.

Regards, Andrii