AWS Cloudfront (with WAF) + API Gateway: how to force access through Cloudfront?

Question

I want to put WAF in front of API Gateway, and with the (little) info I find that is only possible by manually putting an extra Cloudfront distribution with WAF enabled, in fron

Answer 1

You can use custom domain name and point DNS to the distribution with WAF. Requests directly to the original API Gateway distribution will not work then.