79377888

Date: 2025-01-22 13:35:24
Score: 1

Thanks to you Abdul Aziz Barkat, I could narrow the issue down to a too restrictive AWS CloudFront cookie whitelist. Thank you!

Adding both Django's default sessionid and csrftoken cookie names to whitelisted cookies solved my issue (session is persisted along with session data and CSRF verification succeeds).

For those of you who are interested in some Cloud / IaC related issues, remember you have to set CloudFront's Cookies policy properly. Here is some Terraform documentation about this.

Reasons:
  • Blacklisted phrase (0.5): Thank you
  • Blacklisted phrase (0.5): Thanks
  • Has code block (-0.5):
  • Self-answer (0.5):
Posted by: Q Caron