WAF Alternatives to forward traffic to CloudFront or ELB

Is it possible to have an EC2 instance using a vendor’s AMI Firewall that forwards traffic to Amazon CloudFront or an Application Load Balancer instead of using WAF?

I don't think it makes sense to front-end a CDN (CloudFront) with an instance. What you said makes sense for ALB though. I searched for WAF AMIs and found the one below: https://aws.amazon.com/marketplace/pp/B00UAWMZ1U?qid=1515215390934&sr=0-4&ref_=srh_res_product_title

If you check the AWS doco, they have a model of a multi-tier model with a Load Balanced WAF tier in front of a Load Balanced server tier. If I recall correctly, it is in the Security area where they discuss being able to outscale DDoS attacks.

You can certainly use your own solutions; however, as a general design principle, try to stay with AWS-recognized solutions to accelerate delivery, avoid unexpected problems and maximize the opportunity for AWS support and built-in automation.

