@Niccolo Giulianelli Thanks for reaching out. Azure Front Door cannot be used to route traffic to a backend that is deployed in a private network. This is because Azure Front Door is a public-facing service and cannot access resources that are not publicly accessible.
In the case of an Azure APIM instance that is deployed in private mode, you will need to use a different solution to allow a self-hosted gateway running on AWS to communicate with the configuration endpoint. One possible solution is to use a VPN or ExpressRoute connection between your Azure and AWS environments to establish a private network connection.
Let me know if you have any further questions, i would be happy to assist you.