Nice article! The only suggestion that i can give to you is to specify that “You can use a certificate stored in AWS Certificate Manager (ACM) in the US East
(N. Virginia) Region, or you can use a certificate stored in IAM.”.
Someone (like me) may not notice it at first glance ;)