I eventually received a follow-up email from Digi saying the following:
"The HTTP library which DRM uses for delivering events doesn't support the SNI TLS extension API Gateway uses to know which TLS certificate to hand out. That's why it seems that authentication is failing, even though you said your API call doesn't require authentication."
At this time, I worked around the problem by building an API Gateway entry point, a Lambda function to poll the Digi RESTful web services, and a CloudWatch even to trigger the API Gateway every 5 minutes to invoke the lambda function. It's not ideal, but it works.