AWS REST API Gateway custom domain name: 403 Forbidden

February 7th, 2023

If you've set up a custom domain name for API Gateway, your integration will give you a domain name like xxx.cloudfront.net,

but if you curl that directly, it won't work and returns status 403:

curl https://xxx.cloudfront.net

> {"message":"Forbidden"}

 

To make that work, send your custom domain name as the Host header:

curl --header "Host: your.custom.domain.name" https://xxx.cloudfront.net/

 

That is what happens by default when you access the custom domain directly:

curl https://your.custom.domain.name/

but only if your CNAME record is set up correctly:

Type    Domain Name               Canonical Name

CNAME   your.custom.domain.name   xxx.cloudfront.net

 

(might require SNI to be enabled)
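
A check for the two conditions above, added here as an example and not taken from the original post: it compares the CNAME answer with the expected target, then probes the target with curl's `--connect-to`, which goes one step further than the Host header override by presenting the custom domain as the TLS SNI name as well. It assumes `dig` and curl 7.49 or later are installed; the function names and verdict labels are made up for this example.

```shell
#!/bin/sh
# Added example. Usage: sh <this-script> your.custom.domain.name xxx.cloudfront.net
# (both hostnames are the page's placeholders; substitute your own).

# Lowercase a DNS name and drop the trailing root dot so names compare cleanly.
normalize() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Reads `dig +short CNAME <domain>` output on stdin and succeeds only if the
# first answer equals the expected target ($1).
cname_points_to() {
  expected=$(normalize "$1")
  read -r answer || true          # empty input leaves answer empty
  answer=$(normalize "$answer")
  [ -n "$answer" ] && [ "$answer" = "$expected" ]
}

# Connects to the target ($2) while the URL host ($1) supplies both the TLS
# SNI name and the Host header, so DNS for the custom domain is bypassed.
# Prints the HTTP status; curl prints 000 when the connection fails.
probe() {
  curl -sS -o /dev/null -w '%{http_code}' \
    --connect-to "$1:443:$2:443" "https://$1/" || true
}

# $1 = yes/no (CNAME matches), $2 = status from probe.
# Any status other than 403 or 000 is treated as "the request reached the API".
diagnose() {
  case "$1:$2" in
    *:000) echo "connect-failed" ;;  # TLS or network error before any response
    *:403) echo "not-dns" ;;         # 403 even with the right Host and SNI
    yes:*) echo "ok" ;;
    *)     echo "fix-cname" ;;       # target answers, but DNS does not point at it
  esac
}

if [ "$#" -eq 2 ]; then
  if dig +short CNAME "$1" | cname_points_to "$2"; then cname=yes; else cname=no; fi
  echo "cname=$cname verdict=$(diagnose "$cname" "$(probe "$1" "$2")")"
fi
```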