I ended up using Let's Encrypt. There is a way to do it with CloudFront, but it is complicated and you need to make 2 DNS records for a simple WordPress site.
So, I decided to use Let's Encrypt. However, let me provide the solution for CloudFront, which was done by the AWS team.
So the only way I was able to get this working properly was essentially to create 2 CNAMEs. I have one CNAME, in this case called 'origin.example.com'. This points directly to my EC2 instance, or it can point to an ELB. I have another CNAME, which is the name of the WordPress site, in this case 'blog.example.com'. Because of the way the Bitnami server reads the HTTPS connection, it was easier to run the Let's Encrypt tool directly on the EC2 instance and set up SSL with a free signed certificate, so I can have CloudFront connect via HTTPS to the origin. I set up the Origin Domain Name to be 'origin.example.com', I am allowing the HTTP methods 'GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE', and I am also whitelisting the 'Host' header, so the SSL handshake can be passed correctly.
Hope this might help someone.
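
To check that a distribution really has the settings described above, the following added example (not part of the original post and not AWS's own code) audits a `DistributionConfig` dictionary in the shape the CloudFront `GetDistributionConfig` API returns. It assumes the legacy `ForwardedValues` header whitelist is in use; the function name, the origin ID and both sample configs are constructed for illustration.

```python
import copy

# All seven methods the post enables on the cache behavior.
ALL_METHODS = {"GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"}

def audit_distribution(cfg, origin_host):
    """Return findings for a DistributionConfig dict; an empty list means it matches the post."""
    findings = []
    behavior = cfg.get("DefaultCacheBehavior", {})
    origins = {o["Id"]: o for o in cfg.get("Origins", {}).get("Items", [])}
    origin = origins.get(behavior.get("TargetOriginId"))
    if origin is None:
        return ["default cache behavior targets an unknown origin"]
    if origin.get("DomainName") != origin_host:
        findings.append(f"origin is {origin.get('DomainName')}, expected {origin_host}")
    # Anything other than https-only does not guarantee TLS on the CloudFront-to-origin hop.
    policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
    if policy != "https-only":
        findings.append(f"origin protocol policy is {policy}, not https-only")
    allowed = set(behavior.get("AllowedMethods", {}).get("Items", []))
    if not ALL_METHODS <= allowed:
        findings.append(f"methods not allowed: {sorted(ALL_METHODS - allowed)}")
    headers = behavior.get("ForwardedValues", {}).get("Headers", {}).get("Items", [])
    if "*" not in headers and "host" not in [h.lower() for h in headers]:
        findings.append("Host header is not forwarded to the origin")
    return findings

# Constructed sample using the post's example origin name.
GOOD = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "wordpress-origin",  # hypothetical origin ID
        "DomainName": "origin.example.com",
        "CustomOriginConfig": {"HTTPPort": 80, "HTTPSPort": 443,
                               "OriginProtocolPolicy": "https-only"},
    }]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "wordpress-origin",
        "AllowedMethods": {"Quantity": 7, "Items": sorted(ALL_METHODS)},
        "ForwardedValues": {"Headers": {"Quantity": 1, "Items": ["Host"]}},
    },
}

# Constructed weak variant: HTTP to the origin, read-only methods, no Host header.
WEAK = copy.deepcopy(GOOD)
WEAK["Origins"]["Items"][0]["CustomOriginConfig"]["OriginProtocolPolicy"] = "http-only"
WEAK["DefaultCacheBehavior"]["AllowedMethods"]["Items"] = ["GET", "HEAD"]
WEAK["DefaultCacheBehavior"]["ForwardedValues"]["Headers"]["Items"] = []

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_distribution(cfg, "origin.example.com"))
```

With boto3, the input would be the `DistributionConfig` key of the `get_distribution_config` response.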