NDR-213 Create new api methods

megan-bower4 · megan-bower4 · commit 3518e49e16e1 · 2025-08-28T11:18:26.000+01:00
diff --git a/infrastructure/gateway-document-reference-mtls.tf b/infrastructure/gateway-document-reference-mtls.tf
@@ -0,0 +1,10 @@
+module "fhir_document_reference_mtls_gateway" {
+  source              = "./modules/gateway"
+  api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  parent_id           = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.root_resource_id
+  http_methods        = ["POST", "GET"]
+  authorization       = "NONE"
+  api_key_required    = true
+  gateway_path        = "DocumentReference"
+  require_credentials = true
+}
diff --git a/infrastructure/gateway-document-reference.tf b/infrastructure/gateway-document-reference.tf
@@ -1,8 +1,8 @@
 module "fhir_document_reference_gateway" {
   count               = 1
   source              = "./modules/gateway"
-  api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
-  parent_id           = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.root_resource_id
+  api_gateway_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
+  parent_id           = aws_api_gateway_rest_api.ndr_doc_store_api.root_resource_id
   http_methods        = ["POST", "GET"]
   authorization       = "NONE"
   api_key_required    = true
diff --git a/infrastructure/lambda-get-document-fhir.tf b/infrastructure/lambda-get-document-fhir.tf
@@ -1,13 +1,19 @@
 resource "aws_api_gateway_resource" "get_document_reference" {
   count       = 1
-  rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
   parent_id   = module.fhir_document_reference_gateway[0].gateway_resource_id
   path_part   = "{id}"
 }
 
+resource "aws_api_gateway_resource" "get_document_reference_mtls" {
+  rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  parent_id   = module.fhir_document_reference_mtls_gateway.gateway_resource_id
+  path_part   = "{id}"
+}
+
 resource "aws_api_gateway_method" "get_document_reference" {
   count            = 1
-  rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
   resource_id      = aws_api_gateway_resource.get_document_reference[0].id
   http_method      = "GET"
   authorization    = "NONE"
@@ -17,6 +23,17 @@ resource "aws_api_gateway_method" "get_document_reference" {
   }
 }
 
+resource "aws_api_gateway_method" "get_document_reference_mtls" {
+  rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  resource_id      = aws_api_gateway_resource.get_document_reference_mtls.id
+  http_method      = "GET"
+  authorization    = "NONE"
+  api_key_required = true
+  request_parameters = {
+    "method.request.path.id" = true
+  }
+}
+
 
 module "get-doc-fhir-lambda" {
   count   = 1
@@ -30,10 +47,10 @@ module "get-doc-fhir-lambda" {
     module.ndr-lloyd-george-store.s3_read_policy_document,
   ]
   kms_deletion_window = var.kms_deletion_window
-  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
   resource_id         = aws_api_gateway_resource.get_document_reference[0].id
   http_methods        = ["GET"]
-  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn
+  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
   lambda_environment_variables = {
     APPCONFIG_APPLICATION      = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT      = module.ndr-app-config.app_config_environment_id
@@ -49,3 +66,21 @@ module "get-doc-fhir-lambda" {
   depends_on = [aws_api_gateway_method.get_document_reference, aws_api_gateway_resource.get_document_reference]
 }
 
+resource "aws_api_gateway_integration" "get_doc_fhir_lambda_integration" {
+  rest_api_id             = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  resource_id             = aws_api_gateway_resource.get_document_reference_mtls.id
+  http_method             = "GET"
+  integration_http_method = "POST"
+  type                    = "AWS_PROXY"
+  uri                     = module.get-doc-fhir-lambda[0].lambda_invoke_arn
+}
+
+resource "aws_lambda_permission" "lambda_permission_get_mtls_api" {
+  statement_id  = "AllowAPIGatewayInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name =  module.get-doc-fhir-lambda[0].lambda_arn
+  principal     = "apigateway.amazonaws.com"
+  # The "/*/*" portion grants access from any method on any resource
+  # within the API Gateway REST API.
+  source_arn = "${aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn}/*/*"
+}
diff --git a/infrastructure/lambda-post-document-fhir.tf b/infrastructure/lambda-post-document-fhir.tf
@@ -28,3 +28,22 @@ module "post-document-references-fhir-lambda" {
     PRESIGNED_ASSUME_ROLE           = aws_iam_role.create_post_presign_url_role.arn
   }
 }
+
+resource "aws_api_gateway_integration" "post_doc_fhir_lambda_integration" {
+  rest_api_id             = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  resource_id             = module.fhir_document_reference_mtls_gateway.gateway_resource_id
+  http_method             = "POST"
+  integration_http_method = "POST"
+  type                    = "AWS_PROXY"
+  uri                     = module.post-document-references-fhir-lambda[0].lambda_invoke_arn
+}
+
+resource "aws_lambda_permission" "lambda_permission_post_mtls_api" {
+  statement_id  = "AllowAPIGatewayInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name =  module.post-document-references-fhir-lambda[0].lambda_arn
+  principal     = "apigateway.amazonaws.com"
+  # The "/*/*" portion grants access from any method on any resource
+  # within the API Gateway REST API.
+  source_arn = "${aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn}/*/*"
+}
diff --git a/infrastructure/lambda-search-document-references-fhir.tf b/infrastructure/lambda-search-document-references-fhir.tf
@@ -31,3 +31,22 @@ module "search-document-references-fhir-lambda" {
     module.ndr-app-config
   ]
 }
+
+resource "aws_api_gateway_integration" "search_doc_fhir_lambda_integration" {
+  rest_api_id             = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  resource_id             = module.fhir_document_reference_mtls_gateway.gateway_resource_id
+  http_method             = "GET"
+  integration_http_method = "POST"
+  type                    = "AWS_PROXY"
+  uri                     = module.search-document-references-fhir-lambda[0].lambda_invoke_arn
+}
+
+resource "aws_lambda_permission" "lambda_permission_search_mtls_api" {
+  statement_id  = "AllowAPIGatewayInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name =  module.search-document-references-fhir-lambda[0].lambda_arn
+  principal     = "apigateway.amazonaws.com"
+  # The "/*/*" portion grants access from any method on any resource
+  # within the API Gateway REST API.
+  source_arn = "${aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn}/*/*"
+}
