We recently helped a customer identify some potential CloudFront/S3 takeover risks. You can find the details of the risk described in the article, "Simple Route53/Cloudfront/s3 subdomain takeover".
Here are the 3 relevant questions/queries added to the library. You may want to try these questions/queries in your environment and set up alerts accordingly.
The questions are already added in-app. Simply type "cloudfront origin" in the search bar to run them.
You can then create an alert for each one. We are adding them to the alert rule packs, too.
To be clear, when you run the questions/queries highlighted, the best result is no results.