How to prevent direct access to CloudFront origins with custom headers and AWS WAF

In some cases when you use CloudFront for your Load Balancers and/or API Gateways you might want to prevent direct access to these unless they are accessed through the CloudFront distribution. This can be achieved easily by setting up some custom headers and a WAF ACL in front of these resources. In this video I am going to show you how to do it.