I’m getting a little confused on this point. To use an ACM certificate with CloudFront, you have to generate it in US-East-1? Say you also have a load balancer, but it’s not in US east-1. That certificate is regional. So you need a total of 2 certificates, am I right?
That is correct. ACM is a regional service, so you need 1 cert per region. You can use the same domain name on certs in different regions, however.
Cloudfront’s comand and control infrastructure is in US-EAST-1, so if you are using CF at all, you will need a cert generated in US-EAST-1, even if that’s not where the rest of your infrastructure is.