
Working on creating a bucket that will store the images for this site.
Also, I wanted to allow my web server to be able to get new updates from the internet via NAT. It turns out that I can’t do this if my web server is in the same subnet as my NAT instance.
This is due to route table limitations – the route table can either point to the internet gateway (which is needed for the NAT instance) or the CloudFront interface (which is needed for HTTPS traffic from the EC2) – the route table cannot do both. I’ll have to place the web server in its own private subnet and then route the non-HTTPS traffic to the NAT instance.
The ALB is needed (**) to allow CloudFront to serve my website once the web server is placed into a private subnet.
** As of November 20, 2025 – AWS released CloudFront (VPC) Origins, which allows CloudFront to deliver static content from private networks/subnets. So I don’t need the ALB anymore. Another project for another day.