AWS API Gateway: 403 forbidden with disabled API key; error from cloudfront

How can happen that with a Lambda/API Gateway combination, if no explicit Cloud Front configuration has been done, in an error response header they mention CloudFront?

header: x-amzn-ErrorType: ForbiddenException
header: x-amz-apigw-id: P3mmbT_DREF8bg=
header: X-Cache: Error from cloudfront

Actual problem: with a disabled API key, API keeps responding “forbidden”.

UPDATE. As it seems the problem is not related to the Edge API/CloudFront, as the problem with disabled key persists also on changing API type to regional.

Go to Source
Author: Peter Muryshkin