You can now generate client-side SSL certificates in Amazon API Gateway and exercise the public key to verify that HTTP requests to your backend systems originated from Amazon API Gateway. Currently,integration endpoints for Amazon API Gateway are always publicly accessible to the Internet. Now, Amazon API Gateway can generate SSL certificates, or such that you can exercise the public key of the certificate in your backend to authenticate API requests from Amazon API Gateway. This allows you to control and accept only requests originating from Amazon API Gateway,even whether your HTTP backend is publicly accessible. Learn more about using client-side SSL certificates in the Amazon API Gateway Developer Guide.
Source: amazon.com