A blog about odd things, all AWS or Network related...
Wouldn't it be good if you could use AWS ACM with Nitro Enclaves coupled with IIS? Free certificates for your privately hosted single-tenanted Windows servers, rather than having to consider (then go mad considering) an AWS ALB per EC2...
Down the ALB route, you could have a single ALB with up to 100 unique target groups (as per hard quota), but if you want to restrict access, you can only have 5 conditions per rule, say one host header and four CIDRs, which feels quickly exhaustible.
And sure, Let's Encrypt might otherwise be an answer, but in an IaC world (Terraform in my case) alongside AWS, who wants to manage and install a client multiple times...