WAF in front of Traefik

I run my microservices currently on a ec2-instance(aws) with traefik/letencrypt in front of them.
"WebBrowser" -> Internet -> (EC2 with traefik)
All is fine.
Now I want to to establish a WAF. aws comes with a WAF solution. However to use this WAF service I have to plug an application load balancer between my ec2-instance and WAF service.
"WebBrowser" -> Internet -> WAF -> ALB -> (EC2 with traefik)
First question: Does this approach seem viable?
Second question: Has anyone practical experience with it?
Currently I try to build the ALB with terraform and get an error that at least
" two subnets in two different Availability Zones must be specified"...
Hm, I have currently only one ec2-machine with all my services...

Maybe someone has done this already and can point me in the right direction.