aws-api-gateway amazon-cloudfront api-gateway

Restrict direct API Gateway calls unless it's from CloudFront

We created a CloudFront in front of our APIs. Is it possible to restrict API calls other than coming from CloudFront?

Current setup:

Caller --> API Gateway Endpoint --> Lambda

Caller --> CloudFront Endpoint --> API Gateway Endpoint --> Lambda

We expect to have it like this only:

Caller --> CloudFront Endpoint --> API Gateway Endpoint --> Lambda

Solution

Yes, WAF available for API gateway. 1. In CloudFront add a custom origin header 2. use WAF on API gateway and allow if request (CloudFront IP addresses + if header+value present). CloudFront IP addresses. http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips

In AWS API Gateway, can method level limits for a specific end point exceed stage level limit?
Why does API Gateway not pass through the request path parameters in proxy mode?
How to integrate the lambdas uris in the AWS API Gateway Specification YAML?
Can an AWS Lambda function call another
Understanding AWS API Gateway Custom Domain Names
How to Use Stage Variables for connection_id in aws_api_gateway_integration with Terraform?
Proper Principal ID Value for API Gateway Custom Authorizer via Lambda?
How to enable CORS with AWS SAM
How to add non authenticated routes in AWS SAM template
How to Use Cognito Identity Pool with Unauthenticated Users in Amplify v6 for API Gateway Access
AWS Lambda parameter passing error | API Gateway
Is there a way to assign a Static IP to a AWS Lambda without VPC?
API Gateway with no auth setting keeps returning Missing Authentication Token to Postman
Issue with slashes for Integrating API Gateway with CloudSearch
Turn off (Disable) individual API in API Gateway temporarily without Deleting?
Customize response from AWS API Gateway integrated to SQS
Unable to resolve " not a valid key=value pair (missing equal-sign) in Authorization header" when POSTing to api gateway
API Gateway V2 private integration to application load balancer always returns 503
Api gateway invoking a lambda returns 403
Create AWS_API_GATEWAY_RESOURCES in a loop
How to share a common mapping template at AWS API Gateway?
Missing Authentication Token while accessing API Gateway?
AWS Lambda Restrict Only Accessible By Bitbucket Webhooks
"errorMessage": "'queryStringParameters'", "errorType": "KeyError",
How to add CORS header to AWS API Gateway response with lambda proxy integration activate
Authorization Error in API Gateway endpoints using lambda with Chalice code
How to integrate AWS Lambda to Application Load Balanced Fargate Service
Invoking lambda from API gateway test, but hitting the endpoint does not invoke the lambda. 500 returned
Add advanced validation for AWS::Serverless::Api GET query params
JWT token with API Gateway returns unauthorized all the time