I would like to make the following structure for my web application
Visitor ==>>> CloudFront-> ALB -> ASG (nginx servers)
I have only one HTTPS certificate for my domain name. I will upload it to ACM but where to attach? To the Cloudfront? Or to the ALB? Maybe to the hosts? Or everywhere the same?
Can I use the same in all places?
I tried to add it only to the NGINX but it can be used only locally and others from acm
Firstly you can use SSL on all levels (cloudfront, ALB, and Nginx Servers).
On clodfrount configuration page select alternate domain and put your domain to be used, then it will ask cert you need to select it from selection options.
While you go to listeners, then you configure listener for 443 or another you can select SSL cert on there.
BTW, You can configure only on cloudfront for visitors and you don't need to use SSL for internal communication if your data is not too important (Credit card etc.)