Client certificates can be used to authenticate an API Gateway as it transmits data to backend services. Doing this will help ensure that the requests to the backend system are from an authorized source. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html
API Gateways should be configured to use SSL certificates as best practice. For information on how to generate SSL certificates, see the AWS documentation (below).
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html#generate-client-certificate
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_stage#client_certificate_id