Deploy EC2 instances behind an Application Load Balancer (ALB). Use AWS Certificate Manager (ACM) to obtain an SSL certificate, which is then associated with the ALB. Export this certificate to each EC2 instance. Set up the ALB to handle HTTPS traffic by listening on port 443 and forwarding it to the same port on the instances.

Group EC2 instances into a target group. Acquire an SSL certificate via AWS Certificate Manager (ACM). Establish an Amazon CloudFront distribution configured with this SSL certificate. Configure CloudFront to direct traffic to the target group serving as the origin server.

Set EC2 instances behind a Network Load Balancer (NLB). Install a third-party SSL certificate on both the NLB and each EC2 instance. Configure the NLB to handle HTTPS traffic by listening on port 443 and forwarding it to the same port on the instances.