Is self-signed certificate for ALB -> EC2 secure?

I intend to use self-signed certificates to secure connection between my ALB and EC2 instances. However, because there's no CA to verify that my public key is a valid key (the key that my EC2 send out), the communication pipe isn't so secure because MIM can just send the fake key to ALB.

Is my understanding wrong? And if yes what's the alternative to achieve end-to-end encryption?