How can I set API Key Security Globally on API Gateway using Swagger

I'm trying to import an openapi/swagger file into api gateway, but I'm not able to get the security set as expected. I want to have an api key required for all paths.

Setting it api key required in the console after import works, but this solution is undesirable, what also works is setting the security field in each path individually, but I'm looking for a global solution.

When I'm trying to import the file I get the following warning:

Your API was not imported due to errors in the Swagger file.

    Method 'GET' on resource '/' specified security,
    but no custom authorizers were created and the extension
    x-amazon-apigateway-auth was not set.
    This method will be not be secured. 

By the looks of this, I either need a lambda as a custom authorizer just for the api key (I'm not familiar with authorizers but this doesn't seem to make sense if I don't need one when setting api key required in the console); or I need to do something with this mysterious x-amazon-apigateway-auth which I can't find docs for (all the other openapi extensions amazon have documented here).

A miniamal example is below:

openapi: 3.0.1
info:
  title: test
  version: 0
servers:
- url: "/"
security:
  - ApiKey: []
paths:
  "/":
    get:
      # if I copy the security part into here things work 
      responses:
        '204':
          description: no content
      x-amazon-apigateway-integration:
        httpMethod: GET
        type: http
        uri: https://httpstat.us/204
components:
  securitySchemes:
    ApiKey:
      type: apiKey
      name: x-api-key
      in: header
x-amazon-apigateway-api-key-source: HEADER

since api key security is set at the root level, this suggests to me that all paths should use an api key (unless overwritten by individual paths), what actually occurs is the above warning and no api key required when imported.