CloudFront distribution does not have a WAF in front.
You should configure a Web Application Firewall in front of your CloudFront distribution. This will mitigate many types of attacks on your web application.
Impact
Complex web application attacks can more easily be performed without a WAF
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.