Hi Sam, great explanation on ASG and load balancers, helped me understand the concepts more and how the two services work together! I just captured one important detail that got me confused and did my own research to shed some light. In this video, at 10:42, you mentioned that load balancers only route traffic to EC2 instances in the same AZ. This is incorrect (or I might have just misunderstood your statement), since with Application Load Balancers, CROSS-ZONE load balancing is enabled by default, which distributes the traffic across the registered targets in ALL enabled availability zones. Nonetheless, great tutorial man! Just felt the need to call the small misconception out, especially for those that are reviewing for their certifications. Cheers!
Worth mentioning that if you go down the SSL route you will need to make sure that the load balancer security group is amended to have HTTPS in the rules.
One thing that AWS could add: Auto Scaling Group specification of the Launch Template down to the version. With this, there can be two ASGs that use two versions of the same LT. Then a rollout is to revise the LT, create a new ASG/TGP that uses the new version of the LT, and then adjust the LB percentage of requests reaching the new TGP to begin to phase in the new version. Without this, a phased rollout requires you to create a new launch template for each version. This defeats the purpose of having LTs that can be revised.
Choosing "Latest" launch template in ASG config might turn out to be a problem sometimes. What if you accidentally put something wrong in user data? Just saying. I'd prefer default.
A load balancer can have both 80 and 443 listeners; there was no need to create a new one. For a custom VPC they can be on different subnets as long as the target subnets and LB subnets are in the same AZ.
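As an added example that is not part of the video or of any comment above, here is a small offline audit for the two configuration problems raised by the HTTPS security-group comment and the listeners/AZ comment: a listener port the load balancer security group does not admit, and a target placed in an AZ the load balancer is not enabled in. The input dicts are constructed samples in the field shapes returned by the boto3 `describe_listeners`, `describe_security_groups` and `describe_load_balancers` calls (assumption: only the fields used here are modelled).

```python
# Added example, not from the video or from any commenter: an offline audit of a
# load balancer configuration for two misconfigurations discussed in the thread.
# Input dicts are constructed in the field shapes boto3's describe_listeners,
# describe_security_groups and describe_load_balancers return (assumption:
# only the fields used below are modelled).

def listener_ports_without_sg_rule(listeners, permissions):
    """Return listener ports that no inbound rule in the LB security group admits."""
    missing = []
    for listener in listeners:
        port = listener["Port"]
        allowed = any(
            perm["IpProtocol"] == "-1"  # "all traffic" rules carry no FromPort/ToPort
            or (perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
            for perm in permissions
        )
        if not allowed:
            missing.append(port)
    return sorted(missing)

def targets_outside_lb_azs(lb_zones, target_azs):
    """Return target ids whose AZ is not one the load balancer is enabled in."""
    enabled = {zone["ZoneName"] for zone in lb_zones}
    return sorted(tid for tid, az in target_azs.items() if az not in enabled)

# Constructed sample: HTTP and HTTPS listeners, but the SG still only opens port 80.
LISTENERS = [{"Port": 80, "Protocol": "HTTP"}, {"Port": 443, "Protocol": "HTTPS"}]
SG_BEFORE = [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
SG_AFTER = SG_BEFORE + [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
# Constructed sample: LB enabled in two AZs, one registered target sits in a third.
LB_ZONES = [{"ZoneName": "us-east-1a", "SubnetId": "subnet-aaaa1111"},
            {"ZoneName": "us-east-1b", "SubnetId": "subnet-bbbb2222"}]
TARGET_AZS = {"i-0a": "us-east-1a", "i-0b": "us-east-1b", "i-0c": "us-east-1c"}

def audit(listeners, permissions, lb_zones, target_azs):
    """Collect both kinds of finding as human-readable strings."""
    findings = [f"listener port {p} not admitted by LB security group"
                for p in listener_ports_without_sg_rule(listeners, permissions)]
    findings += [f"target {t} is in an AZ the load balancer is not enabled in"
                 for t in targets_outside_lb_azs(lb_zones, target_azs)]
    return findings

if __name__ == "__main__":
    for line in audit(LISTENERS, SG_BEFORE, LB_ZONES, TARGET_AZS):
        print(line)
```

Running it against SG_BEFORE reports the missing 443 rule and the target in us-east-1c; swapping in SG_AFTER clears the first finding.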