Tags: aws-lambda, dns, cloudflare

How should I enable my AWS API Gateway to use a custom domain?


It sounds like a simple and silly question, but I just can't figure out an easy way to get it done.

So I registered my domain name on NameCheap and am using Cloudflare's name servers. I have a Lambda function which is accessible via AWS API Gateway. I created a special subdomain, api.my-domain.com, and want others to use this domain to access the Lambda function.

I've tried letting Cloudflare proxy the request and response, but I always get a "403 Forbidden" error; not sure if AWS now does not allow Cloudflare to connect to its resources.

I've tried creating a CNAME record pointing my domain to the AWS API domain; however, the browser complains that the certificate is untrusted, since the browser is visiting api.my-domain.com but the certificate certifies *.amazonaws.com.

I've tried creating a redirect; however, since my API responds with images, the browser first sends a preflight request to check CORS, and I get an error saying that "redirect is not allowed for preflight".

I could migrate my name servers to Route 53 and use CloudFront, and eventually solve this problem that way. But I just wonder, in general, how I can make it work without spending too much effort.


Solution

  • You will have to actually configure AWS API Gateway to be aware of the domain name before API Gateway will let you send that traffic to it. When you do that, API Gateway will require you to attach an SSL certificate. You can create an SSL certificate for the domain for free using AWS Certificate Manager.

    Once you have done that, you will be able to configure a CNAME record in Cloudflare that points to the API, and API Gateway will accept that traffic. Configuring Cloudflare to proxy the traffic at that point is entirely optional.


    I've tried letting Cloudflare proxy the request and response, but I always get a "403 Forbidden" error; not sure if AWS now does not allow Cloudflare to connect to its resources.

    That wasn't working because AWS saw the domain name in the host header of the request, and you hadn't configured API Gateway to actually serve the API from that domain yet.


    I could migrate my name servers to Route 53 and use CloudFront, and eventually solve this problem that way.

    That wouldn't solve the problem at all. There is zero reason to use Route53 or CloudFront instead of Cloudflare for this. You just need to configure API Gateway to be aware of the domain name. You would have to do that in either scenario.
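
The steps the answer describes (ACM certificate with DNS validation, an API Gateway custom domain name with the certificate attached, a base path mapping to the existing stage, and a CNAME in Cloudflare pointing at the API Gateway hostname) as one Terraform configuration. This is an added example, not part of the original question or answer. It assumes a REST (v1) API that already exists, a regional endpoint, the Cloudflare provider v4 (which names the record data attribute `value`; v5 renamed it to `content`), and placeholder variables `zone_id`, `rest_api_id` and `stage_name` that you supply; `api.my-domain.com` is the asker's hostname.

```hcl
terraform {
  required_providers {
    aws        = { source = "hashicorp/aws" }
    cloudflare = { source = "cloudflare/cloudflare", version = "~> 4.0" }
  }
}

# Region must match the region of the REST API (regional custom domains
# require the certificate in the same region).
provider "aws" { region = "us-east-1" }

# Reads CLOUDFLARE_API_TOKEN from the environment; scope the token to
# DNS edit on this one zone only.
provider "cloudflare" {}

variable "zone_id"     { type = string } # Cloudflare zone ID for my-domain.com (assumed input)
variable "rest_api_id" { type = string } # existing API Gateway REST API ID (assumed input)
variable "stage_name"  { type = string } # existing deployed stage, e.g. "prod" (assumed input)

locals { api_hostname = "api.my-domain.com" }

# 1. Free certificate from ACM, proven via DNS so it auto-renews.
resource "aws_acm_certificate" "api" {
  domain_name       = local.api_hostname
  validation_method = "DNS"
  lifecycle { create_before_destroy = true }
}

# 2. The ACM validation CNAME goes into Cloudflare. It must be DNS-only
#    (proxied = false): ACM looks up the record directly.
resource "cloudflare_record" "acm_validation" {
  for_each = {
    for dvo in aws_acm_certificate.api.domain_validation_options :
    dvo.domain_name => {
      name  = dvo.resource_record_name
      type  = dvo.resource_record_type
      value = dvo.resource_record_value
    }
  }
  zone_id = var.zone_id
  name    = each.value.name
  type    = each.value.type
  value   = each.value.value
  ttl     = 60
  proxied = false
}

# Block until ACM has issued the certificate.
resource "aws_acm_certificate_validation" "api" {
  certificate_arn         = aws_acm_certificate.api.arn
  validation_record_fqdns = [for r in cloudflare_record.acm_validation : r.hostname]
}

# 3. Tell API Gateway about the hostname and attach the certificate.
#    Without this, a request carrying Host: api.my-domain.com is rejected
#    with 403, which is the error the question describes.
resource "aws_api_gateway_domain_name" "api" {
  domain_name              = local.api_hostname
  regional_certificate_arn = aws_acm_certificate_validation.api.certificate_arn
  security_policy          = "TLS_1_2" # refuse TLS 1.0/1.1 clients
  endpoint_configuration { types = ["REGIONAL"] }
}

# 4. Map the root path of the custom domain to the existing stage.
resource "aws_api_gateway_base_path_mapping" "api" {
  api_id      = var.rest_api_id
  stage_name  = var.stage_name
  domain_name = aws_api_gateway_domain_name.api.domain_name
}

# 5. The public CNAME. Proxying through Cloudflare is optional; with
#    proxied = true the zone's SSL/TLS mode must be "Full (strict)" so
#    Cloudflare connects to API Gateway over TLS and verifies its cert.
resource "cloudflare_record" "api" {
  zone_id = var.zone_id
  name    = "api"
  type    = "CNAME"
  value   = aws_api_gateway_domain_name.api.regional_domain_name
  proxied = true
  ttl     = 1 # "automatic"; required when proxied
}

output "api_gateway_target" {
  value = aws_api_gateway_domain_name.api.regional_domain_name
}
```

Two checks worth doing after `terraform apply`: `curl -sv https://api.my-domain.com/` should show a certificate for api.my-domain.com (issued by Amazon) and reach the stage, and the ACM console should show the certificate as Issued rather than Pending validation (if it stays pending, the validation record is usually proxied or placed in the wrong zone). Note that the default `https://<api-id>.execute-api.<region>.amazonaws.com/<stage>` URL keeps working alongside the custom domain, so anything that relies on Cloudflare (WAF rules, rate limiting) can be bypassed by calling that URL directly unless you disable it (the REST API resource has a `disable_execute_api_endpoint` argument for this) or restrict access with a resource policy.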