Deploy Laravel to AWS via Console (Part 4): ALB, CloudFront CDN & SSL with ACM


In Part 3, we connected Laravel to RDS, S3, and Redis. Now let's set up the production front door: ALB for load balancing and SSL, CloudFront for CDN, and Route 53 for DNS.

SSL Certificates with ACM

We need two certificates: one for ALB (in ap-northeast-1) and one for CloudFront (must be in us-east-1).

Step 1a: Certificate for ALB (ap-northeast-1)

  1. Verify region: ap-northeast-1
  2. Search → "Certificate Manager" → Request
  3. Request a public certificate → Next

| Setting | Value |
| --- | --- |
| Domain name | your-domain.com |
| Additional name | *.your-domain.com |
| Validation method | DNS validation |
| Key algorithm | RSA 2048 |

  4. Request

Step 1b: Certificate for CloudFront (us-east-1)

  1. Switch region to us-east-1 (N. Virginia)
  2. Repeat the exact same request
  3. Switch back to ap-northeast-1 when done

Step 1c: DNS Validation

  1. Click the certificate → find CNAME records under Domains
  2. If domain is on Route 53: click "Create records in Route 53" → done
  3. If domain is elsewhere: copy CNAME name/value → add to your DNS provider
  4. Wait for status: Issued

Application Load Balancer

Step 2a: Create Target Group

  1. EC2 → Target Groups → Create target group

| Setting | Value |
| --- | --- |
| Target type | Instances |
| Name | laravel-tg |
| Protocol/Port | HTTP / 80 |
| VPC | laravel-production-vpc |
| Health check path | /up |
| Healthy threshold | 2 |
| Unhealthy threshold | 3 |
| Interval | 30 seconds |
| Success codes | 200 |

  2. Next → select laravel-web-01 → Include as pending → Create

Step 2b: Create ALB

  1. EC2 → Load Balancers → Create → Application Load Balancer

| Setting | Value |
| --- | --- |
| Name | laravel-alb |
| Scheme | Internet-facing |
| VPC | laravel-production-vpc |
| Mappings | Both public subnets (AZ-a and AZ-c) |
| Security group | laravel-alb-sg |

Listeners:

| Protocol | Port | Action |
| --- | --- | --- |
| HTTP | 80 | Redirect to HTTPS:443 (301) |
| HTTPS | 443 | Forward to laravel-tg |

HTTPS listener: select ACM certificate (ap-northeast-1), security policy ELBSecurityPolicy-TLS13-1-2-2021-06.

  2. Create load balancer
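
An added example, not from the original article: a Python check that compares the `Listeners` array returned by `aws elbv2 describe-listeners` with the listener table above, so drift such as an HTTP listener that forwards instead of redirecting, or a weaker TLS policy, is reported. The sample data and the shortened ARNs are constructed placeholders.

```python
EXPECTED_POLICY = "ELBSecurityPolicy-TLS13-1-2-2021-06"  # policy named in Step 2b

def audit_listeners(listeners):
    """Return findings for a describe-listeners "Listeners" array; [] means no drift."""
    findings = []
    for lst in listeners:
        port, proto = lst.get("Port"), lst.get("Protocol")
        actions = lst.get("DefaultActions", [])
        if proto == "HTTP":
            # A plain-HTTP listener may do exactly one thing: 301 to HTTPS:443.
            cfg = actions[0].get("RedirectConfig", {}) if len(actions) == 1 else {}
            target = (cfg.get("Protocol"), cfg.get("Port"), cfg.get("StatusCode"))
            if target != ("HTTPS", "443", "HTTP_301"):
                findings.append(f"HTTP:{port} does not 301-redirect to HTTPS:443")
        elif proto == "HTTPS":
            if lst.get("SslPolicy") != EXPECTED_POLICY:
                findings.append(f"HTTPS:{port} uses policy {lst.get('SslPolicy')}")
            if not lst.get("Certificates"):
                findings.append(f"HTTPS:{port} has no certificate attached")
    if not any(l.get("Protocol") == "HTTPS" and l.get("Port") == 443 for l in listeners):
        findings.append("no HTTPS listener on port 443")
    return findings

# Constructed samples in the shape `aws elbv2 describe-listeners` returns.
# ARNs are shortened placeholders, not values from the article.
FORWARD = {"Type": "forward", "TargetGroupArn": "arn:aws:elasticloadbalancing:EXAMPLE"}
CERT = [{"CertificateArn": "arn:aws:acm:ap-northeast-1:EXAMPLE"}]
GOOD = [
    {"Port": 80, "Protocol": "HTTP", "DefaultActions": [{
        "Type": "redirect",
        "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
    {"Port": 443, "Protocol": "HTTPS", "SslPolicy": EXPECTED_POLICY,
     "Certificates": CERT, "DefaultActions": [FORWARD]},
]
DRIFTED = [
    {"Port": 80, "Protocol": "HTTP", "DefaultActions": [FORWARD]},  # serves plain HTTP
    {"Port": 443, "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08",
     "Certificates": CERT, "DefaultActions": [FORWARD]},
]

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("DRIFTED", DRIFTED)):
        print(name, audit_listeners(sample) or "matches Step 2b")
```

To run it against the real load balancer, pass the `Listeners` value from the JSON output of `aws elbv2 describe-listeners --load-balancer-arn <your ALB ARN>` to `audit_listeners`.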

Step 2c: Laravel TrustProxies

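```php
// bootstrap/app.php (Laravel 11+)
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Http\Request;

// Part of the Application::configure(...) chain:
->withMiddleware(function (Middleware $middleware) {
    // at: '*' accepts X-Forwarded-* headers from whatever connects to the instance,
    // which is sound only while the ALB is the sole path to the instance's port 80.
    $middleware->trustProxies(
        at: '*',
        headers: Request::HEADER_X_FORWARDED_FOR |
                 Request::HEADER_X_FORWARDED_HOST |
                 Request::HEADER_X_FORWARDED_PORT |
                 Request::HEADER_X_FORWARDED_PROTO |
                 Request::HEADER_X_FORWARDED_AWS_ELB,
    );
})
```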

Route 53 — DNS

Step 3a: Create Hosted Zone

  1. Search → "Route 53" → Hosted zones → Create
  2. Domain: your-domain.com, Type: Public
  3. Update nameservers at your domain registrar

Step 3b: Point Domain to ALB

  1. Create record:

| Setting | Value |
| --- | --- |
| Record name | (blank for root) |
| Type | A |
| Alias | ✅ Yes |
| Route to | Alias to Application Load Balancer → ap-northeast-1 → laravel-alb |

  2. Create another for the www subdomain

CloudFront CDN

Step 4a: Create Distribution

  1. Search → "CloudFront" → Create distribution

| Setting | Value |
| --- | --- |
| Origin domain | laravel-alb (select ALB) |
| Protocol | HTTPS only |
| Default behavior cache policy | CachingDisabled |
| Origin request policy | AllViewerExceptHostHeader |
| Viewer protocol | Redirect HTTP to HTTPS |
| Allowed methods | GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE |
| Alternate domain names | your-domain.com, www.your-domain.com |
| SSL certificate | ACM cert from us-east-1 |

  2. Create distribution → wait 5-15 minutes

Step 4b: Add Cache Behaviors for Static Assets

After creation:

  1. Behaviors → Create behavior

| Path Pattern | Cache Policy |
| --- | --- |
| /build/* | CachingOptimized |
| /images/* | CachingOptimized |

Step 4c: Update Route 53 to CloudFront

  1. Route 53 → your-domain.com → edit A record
  2. Change to: Alias to CloudFront distribution
  3. Repeat for www record

Final Traffic Flow

User → CloudFront Edge → Cache HIT  → Fast response
                        → Cache MISS → ALB → EC2 → Response
