Tried with full, these are the results:
curl -H "Host: <REDACTED>.lambda-url.eu-west-1.on.aws" https://dev-api.exampledomain.com -v
< HTTP/2 403
< server: cloudflare
< date: Thu, 02 Jun 2022 21:30:06 GMT
< content-type: text/html
< content-length: 151
< cf-ray: 715349ce4e1c6a08-MAD
<
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
Cloudflare returns 403 as the host header seems tampered from his point of view.
curl https://dev-api.exampledomain.com -v
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 403
< date: Thu, 02 Jun 2022 21:30:26 GMT
< content-type: application/json
< content-length: 16
< x-amzn-requestid: 93646b76-03a2-4519-9bd6-d41a8383ee8d
< x-amzn-errortype: AccessDeniedException
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=98L8u%2BOOinb10UDTiZkP%2FiHWiiYgFkNQDi6pGlDnldtjoZ64JOBO98zZsR%2BK6JaeAVD9oH7NfTH1nPZ3vcbLxEzMmG9zRY7Fkj9ls7%2Fyp4XTFsYB4nA8dXJIZ2UWXx6OKSgMudw5qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 71534a4c19cb69fc-MAD
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
* Connection #0 to host dev-api.exampledomain.com left intact
{"Message":null}%
AWS returns 403 as the host header seems tampered from his point of view.
That bring us again to the previous question, why is Cloudflare making a request to a host without passing that host in the header? And how to correct it?