我正在使用Terraform创建一个MOCK类型的AWS API网关,下面的.tf文件可以做到这一点。我还需要与API一起创建客户端证书,并在阶段(stage)中使用它(将其关联到API)。有什么建议吗?我应该使用哪些Terraform资源?另外,这是一个位于私有子网中的API。
# Isolated VPC that hosts the private API and its interface endpoint.
# DNS support and DNS hostnames are both switched on so that the
# endpoint's private DNS name (private_dns_enabled further down) can
# be resolved from inside the VPC.
resource "aws_vpc" "test" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "APIGW-Example"
  }
}
# Looks up the VPC's default security group; it is attached to the
# execute-api endpoint below.
# NOTE(review): the default group normally admits inbound traffic only
# from members of the same group, so clients outside it cannot reach the
# endpoint on 443 — confirm this matches where the callers will live.
data "aws_security_group" "test" {
  name   = "default"
  vpc_id = aws_vpc.test.id
}
# Availability zones visible to the caller; only names[0] is consumed,
# by the single test subnet.
data "aws_availability_zones" "available" {
}
# One subnet covering the whole VPC CIDR, placed in the first zone
# returned above.  The endpoint's network interface is created here.
resource "aws_subnet" "test" {
  availability_zone = data.aws_availability_zones.available.names[0]
  cidr_block        = aws_vpc.test.cidr_block
  vpc_id            = aws_vpc.test.id

  tags = {
    Name = "APIGW-Example"
  }
}
# Resolves the regional service name of API Gateway's execute-api
# interface endpoint, so it is not hard-coded per region.
data "aws_vpc_endpoint_service" "test" {
  service = "execute-api"
}
# Interface endpoint for execute-api.  Its id is what the API's resource
# policy (aws:SourceVpce) and endpoint_configuration are pinned to, so
# every invocation has to enter through this interface.
resource "aws_vpc_endpoint" "test" {
  vpc_id              = aws_vpc.test.id
  service_name        = data.aws_vpc_endpoint_service.test.service_name
  vpc_endpoint_type   = "Interface"
  private_dns_enabled = true

  subnet_ids         = [aws_subnet.test.id]
  security_group_ids = [data.aws_security_group.test.id]
}
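# Private REST API.  A PRIVATE endpoint is only reachable through the
# interface endpoint(s) named in endpoint_configuration and must carry a
# resource policy, otherwise every call is rejected.  The policy is built
# with jsonencode rather than a heredoc so it is validated as JSON at plan
# time and the endpoint id needs no string interpolation.
resource "aws_api_gateway_rest_api" "MyDemoAPI" {
  name = "MyDemoAPI"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Broad allow.  The method below uses authorization = "NONE", so
        # this statement together with the Deny is the only access control
        # on the API.
        Effect    = "Allow"
        Principal = "*"
        Action    = "execute-api:Invoke"
        Resource  = ["*"]
      },
      {
        # Explicit deny for any request that did not arrive through our
        # endpoint; an explicit Deny overrides the Allow above.
        Effect    = "Deny"
        Principal = "*"
        Action    = "execute-api:Invoke"
        Resource  = ["*"]
        Condition = {
          StringNotEquals = {
            "aws:SourceVpce" = aws_vpc_endpoint.test.id
          }
        }
      },
    ]
  })

  endpoint_configuration {
    types            = ["PRIVATE"]
    vpc_endpoint_ids = [aws_vpc_endpoint.test.id]
  }
}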
# The "/test" path directly under the API root.
resource "aws_api_gateway_resource" "MyDemoResource" {
  rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id
  parent_id   = aws_api_gateway_rest_api.MyDemoAPI.root_resource_id
  path_part   = "test"
}
# GET /test.  authorization = "NONE" means no IAM or authorizer check on
# the method itself; who can call it is decided solely by the API's
# resource policy and the endpoint's security group.
resource "aws_api_gateway_method" "MyDemoMethod" {
  rest_api_id   = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id   = aws_api_gateway_resource.MyDemoResource.id
  http_method   = "GET"
  authorization = "NONE"
}
# MOCK backend: no upstream is invoked.  The request template hands
# API Gateway a statusCode of 200, which is what the integration
# response below is keyed on.
resource "aws_api_gateway_integration" "MyDemoIntegration" {
  rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id = aws_api_gateway_resource.MyDemoResource.id
  http_method = aws_api_gateway_method.MyDemoMethod.http_method
  type        = "MOCK"

  request_templates = {
    "application/json" = "{\"statusCode\": 200}"
  }
}
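# Maps the MOCK result to the 200 response with an empty JSON body.
# Nothing in this block references the integration itself (only the
# method's http_method), so without depends_on Terraform may try to
# create the integration response before the integration exists and the
# apply fails; the explicit dependency fixes the ordering.
resource "aws_api_gateway_integration_response" "MyDemoIntegrationResponse" {
  depends_on = [aws_api_gateway_integration.MyDemoIntegration]

  rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id = aws_api_gateway_resource.MyDemoResource.id
  http_method = aws_api_gateway_method.MyDemoMethod.http_method
  status_code = "200"

  response_templates = {
    "application/json" = ""
  }
}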
# Declares the 200 response on the GET method using the built-in Empty
# model.  The explicit depends_on keeps the original ordering: this is
# registered only once the method, integration and integration response
# are all in place.
resource "aws_api_gateway_method_response" "ok" {
  depends_on = [
    aws_api_gateway_method.MyDemoMethod,
    aws_api_gateway_integration.MyDemoIntegration,
    aws_api_gateway_integration_response.MyDemoIntegrationResponse,
  ]

  rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id = aws_api_gateway_resource.MyDemoResource.id
  http_method = aws_api_gateway_method.MyDemoMethod.http_method
  status_code = "200"

  response_models = {
    "application/json" = "Empty"
  }
}
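# Snapshot of the API published to the "test" stage.
#
# stage_description interpolates timestamp(), so the value differs on
# every plan; together with create_before_destroy this forces a fresh
# deployment on each apply.  That is deliberate (MOCK changes always
# reach the stage) but it also means this resource is never a no-op.
#
# depends_on now lists the integration response and method response as
# well: the original waited only for the integration and the method, so
# a first apply could take the snapshot before the 200 response was
# wired up and publish a GET with no response mapping.
#
# NOTE(review): to attach a client certificate, the stage must be
# managed by a separate aws_api_gateway_stage resource (deployment_id
# pointing at this deployment, client_certificate_id pointing at an
# aws_api_gateway_client_certificate) instead of stage_name here; that
# restructuring is left out to keep the current shape of the config.
resource "aws_api_gateway_deployment" "MyDemoDeployment" {
  depends_on = [
    aws_api_gateway_method.MyDemoMethod,
    aws_api_gateway_integration.MyDemoIntegration,
    aws_api_gateway_integration_response.MyDemoIntegrationResponse,
    aws_api_gateway_method_response.ok,
  ]

  rest_api_id       = aws_api_gateway_rest_api.MyDemoAPI.id
  stage_name        = "test"
  stage_description = "Deployed at ${timestamp()}"

  variables = {
    "answer" = "42"
  }

  lifecycle {
    create_before_destroy = true
  }
}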