amazon-web-services aws-api-gateway amazon-cloudfront

AWS API Gateway - how to remove HTTP->HTTPS redirect for Edge endpoint


I am using a custom domain name in my API Gateway and currently all HTTP calls are redirected to HTTPS. I would like to change it so that CloudFront returns 403 (Forbidden) on HTTP calls.

In all discussions about this topic, I see a suggestion to edit my CloudFront distribution and change the "Viewer Protocol Policy" setting to "HTTPS only". The problem is that I have no CloudFront distribution deployed; my endpoints are of "Edge" type, so I guess that some default CloudFront distributions are used, ones I can't edit. I would like to ask: is there a way to keep my custom domain names with "Edge" type and, at the same time, disable HTTP calls on them? And if yes, how? Thank you.

EDIT: My current setup: when I display my APIs through API Gateway, I see that all of them have the endpoint type "Edge". Also when I open my "Custom domain name", in the Endpoint configuration, I see it has the endpoint type "Edge".


Solution

  • When you use Edge type for API Gateway, AWS uses its own regional CloudFront distribution. You have no control over it.

    This type of endpoint acts like a regional endpoint, but has an AWS managed CloudFront web distribution in front of it to help improve the client connection time.

    If you want to be able to change the settings of your CloudFront distro, you have to create your own distribution, as explained in:

    I want an edge-optimized API endpoint in Amazon API Gateway, but I need more control over the Amazon CloudFront distribution.
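
One way to build the self-managed distribution the answer describes, as an added CloudFormation example that is not part of the original answer. It assumes an existing REST API switched to the Regional endpoint type; the parameter names and the origin ID `regional-api` are hypothetical, and the two policy IDs are AWS managed policies.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: self-managed CloudFront distribution in front of a
  Regional API Gateway endpoint that rejects plain-HTTP viewers.

Parameters:
  RestApiId:           # assumption: ID of an existing REST API with endpoint type REGIONAL
    Type: String
  StageName:           # assumption: deployed stage to expose through the distribution
    Type: String
    Default: prod
  ApiDomainName:       # assumption: the custom domain name clients call
    Type: String
  AcmCertificateArn:   # assumption: ACM certificate for ApiDomainName (must be in us-east-1)
    Type: String

Resources:
  ApiDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases:
          - !Ref ApiDomainName
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
        Origins:
          - Id: regional-api
            DomainName: !Sub "${RestApiId}.execute-api.${AWS::Region}.amazonaws.com"
            OriginPath: !Sub "/${StageName}"
            CustomOriginConfig:
              OriginProtocolPolicy: https-only   # CloudFront -> API Gateway over TLS only
              OriginSSLProtocols: [TLSv1.2]
        DefaultCacheBehavior:
          TargetOriginId: regional-api
          # "HTTPS only": an HTTP request gets 403 (Forbidden), not a redirect
          ViewerProtocolPolicy: https-only
          AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
          # AWS managed policy "CachingDisabled": pass every API call to the origin
          CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad
          # AWS managed policy "AllViewerExceptHostHeader": forward headers, query
          # strings and cookies, but not the viewer Host header
          OriginRequestPolicyId: b689b0a8-53d0-40ab-baf2-68738e2966ac
```

The existing edge-optimized custom domain name has to be removed before this deploys, because the same alias cannot be attached to two CloudFront distributions; afterwards the DNS record for the domain points at the new distribution.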