DEV Community

Discussion on: Explain Aws API Gateway vulnerabilities Like I'm Five

Muhammad Shakeel • Edited

Hi!
So I found a solution on AWS re:Post.

It depends on your requirements and whether you expect the headers to be sent as part of the client request or need to add the headers before the request hits the API Gateway.

If you need to block client requests when some headers are missing, you can associate a WAF ACL with the API Gateway and define rules to block requests without the mandatory headers.

Look at these two for guidance

docs.aws.amazon.com/apigateway/lat...

aws.amazon.com/premiumsupport/know...

If the requirement is that the headers need to be added to the request before it reaches the API Gateway, even if the client did not send them, you can do so using Lambda@Edge with a CloudFront distribution in front of your API Gateway.

Look at these for guidance

aws.amazon.com/blogs/networking-an... (this example shows response headers, but you can apply similar concepts to request headers with some changes)

docs.amazonaws.cn/en_us/AmazonClou...

Some examples of Lambda@Edge functions - docs.aws.amazon.com/AmazonCloudFro...
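The second approach from the comment above, as an added example that is not part of the original post or of any AWS sample: a Lambda@Edge origin-request handler that injects a mandatory header only when the client did not send it, so the request already carries it when CloudFront forwards it to the API Gateway origin. The header name `x-required-header` and its default value are placeholders; the event below is constructed, not captured from a real distribution.

```javascript
"use strict";

// Assumed mandatory headers (placeholders). CloudFront keys headers by their
// lowercase name; the `key` field preserves the casing sent to the origin.
const MANDATORY_HEADERS = {
  "x-required-header": { key: "X-Required-Header", value: "default-from-edge" },
};

// CloudFront represents request headers as { lowercasename: [{ key, value }, ...] }.
// Adds each mandatory header only if it is absent; a header the client already
// sent is left untouched so the edge never overwrites client-supplied values.
function addMandatoryHeaders(request) {
  const headers = request.headers || {};
  for (const [name, header] of Object.entries(MANDATORY_HEADERS)) {
    const present = Array.isArray(headers[name]) && headers[name].length > 0;
    if (!present) {
      headers[name] = [{ key: header.key, value: header.value }];
    }
  }
  request.headers = headers;
  return request;
}

// Lambda@Edge entry point for an origin-request trigger (export this as `handler`
// in the deployed function): unwrap the CloudFront event, return the modified request.
async function handler(event) {
  const request = event.Records[0].cf.request;
  return addMandatoryHeaders(request);
}

// Constructed sample event in the CloudFront origin-request shape, for local runs.
function sampleEvent(headers) {
  return {
    Records: [{ cf: { request: { method: "GET", uri: "/prod/items", headers } } }],
  };
}

// Local demonstration: a client request that carries only a Host header.
handler(sampleEvent({ host: [{ key: "Host", value: "api.example.com" }] })).then(
  (req) => console.log(JSON.stringify(req.headers, null, 2))
);
```

Note that header manipulation at the edge only affects traffic that actually passes through CloudFront; the WAF rule from the first approach is what rejects requests that still arrive without the header.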