在CF模板中定义ALB和所需的安全组的正确方法

【以下的问题经过翻译处理】 我正在尝试了解如何在 CF 模板中定义 ALB、其侦听器、目标组和安全组。所以我写出了这个代码清单。如果 ALB 是内部的，在端口 443 上侦听流量并将该流量发送到实例 Web 服务器上的端口 80，这是否正确？

ALB

Properties:

    Type: internal

    Listener: 80

    Listener: 443

    Subnets

    SecurityGroups

    LBAttributes

ALBListener80

Properties:

    Reference: ALB

    Port: 80

    Redirect rule to port 443

ALBListener443

Properties:

    Reference: ALB

    Port: 443

    SSL Policy

    Certificate

    Forward rule to ALBTarget80

ALBTarget80

Properties:

    Port: 80

    VPCid

    TargetgroupAttributes

    Registered instance(s)

    Healthcheck

    Check port 80

ALBSecurityGroup

Ingress rules:

    Allow port 80 from VPC CIDR

    Allow port 443 from VPC CIDR

Egress rules:

    Allow port 80 to InstanceSecurityGroup

    Allow port 443 to InstanceSecurityGroup

    Allow All traffic to 127.0.0.1/32

InstanceSecurityGroup

Ingress rules:

    Allow port 80 from VPC CIDR

    Allow port 443 from VPC ALBSecurityGroup

Egress rules:

    Allow all to 0.0.0.0/0

这样看起来对吗？