Worth to mention that if you want to add custom certificate into cloudfront, you need to import certificate via ACM to N.Virginia region!
All certificates in ACM are regional resources, including the certificates that you import. To use the same certificate with Elastic Load Balancing load balancers in different AWS regions, you must import the certificate into each region where you want to use it. To use a certificate with Amazon CloudFront, you must import it into the US East (N. Virginia) region.
Another thing to keep in mind is that, most definitely you can import your own SSL certs from your preferred vendor, OR you can use the free AWS SSL certs from ACM. This is incredibly useful if you want some peace of mind regarding renewals, since AWS does that on your behalf as long as you keep a CNAME record that Amazon requires to validate that you actually own the domain.
AWS at this time only provides domain verification, but they’re working to provide Extended Validation as well. It all depends on your business requirements.