AWS Web Application Firewall (WAF) can be used to protect CloudFront distributions by inspecting and managing requests from the web using specific ACL configurations. This can be configured to meet the need of each individual application, but before that can be done, it must be enabled. For more information, see the AWS Documentation.
References:
https://docs.aws.amazon.com/waf/latest/developerguide/cloudfront-features.html
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#web_acl_id