# ALB + ACM + CloudFront Notes

- Request ACM certs:
  - `us-east-1` (for CloudFront)
  - Your EC2 region (for ALB HTTPS)
- Target Group: HTTP:80 to your EC2 instance(s).
- ALB: Internet-facing, listeners 80 (redirect to 443) and 443 (with cert).
- CloudFront: Origin = ALB DNS; forward headers/methods required by Nextcloud.
- If UI elements vanish behind CloudFront (file list/upload button):
  - Check behaviors, caching, headers, and methods pass-through.
  - Bypass CloudFront (hit ALB directly) to isolate the issue.