NHSDigital · jameslinnell · Sep 17, 2025 · Sep 17, 2025 · Sep 18, 2025 · Sep 18, 2025
@@ -39,7 +39,6 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
   depends_on = [
     aws_api_gateway_rest_api.ndr_doc_store_api,
     aws_api_gateway_authorizer.repo_authoriser,
-    aws_api_gateway_resource.get_document_reference,
     module.access-audit-gateway,
     module.access-audit-lambda,
     module.back-channel-logout-gateway,
@@ -54,8 +53,6 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.document-manifest-job-lambda,
     module.feature-flags-gateway,
     module.feature-flags-lambda,
-    module.fhir_document_reference_gateway,
-    module.get-doc-fhir-lambda,
     module.get-report-by-ods-gateway,
     module.get-report-by-ods-lambda,
     module.lloyd-george-stitch-gateway,
@@ -72,7 +69,6 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy" {
     module.update-upload-state-lambda,
     module.document-status-check-gateway,
     module.document-status-check-lambda,
-    module.post-document-references-fhir-lambda,
     module.virus_scan_result_gateway,
     module.virus_scan_result_lambda
   ]

@@ -45,15 +45,9 @@ resource "aws_api_gateway_deployment" "ndr_api_deploy_mtls" {
   depends_on = [
     aws_api_gateway_rest_api.ndr_doc_store_api_mtls,
     aws_api_gateway_resource.get_document_reference_mtls,
-    module.get-doc-fhir-lambda,
-    aws_api_gateway_integration.get_doc_fhir_lambda_integration,
-    aws_lambda_permission.lambda_permission_get_mtls_api,
-    module.post-document-references-fhir-lambda,
-    aws_api_gateway_integration.post_doc_fhir_lambda_integration,
-    aws_lambda_permission.lambda_permission_post_mtls_api,
-    module.search-document-references-fhir-lambda,
-    aws_api_gateway_integration.search_doc_fhir_lambda_integration,
-    aws_lambda_permission.lambda_permission_search_mtls_api,
+    module.get_document_reference_fhir_lambda,
+    module.post_document_reference_fhir_lambda,
+    module.search_document_reference_fhir_lambda,
   ]
 
   lifecycle {
@@ -139,4 +133,5 @@ module "mtls_api_endpoint_url_ssm_parameter" {
   type                = "SecureString"
   owner               = var.owner
   environment         = var.environment
-}
+}
+
@@ -6,4 +6,5 @@ module "fhir_document_reference_mtls_gateway" {
   authorization       = "NONE"
   gateway_path        = "DocumentReference"
   require_credentials = true
-}
+}
+
@@ -23,7 +23,7 @@ data "aws_iam_policy_document" "assume_role_policy_for_create_lambda" {
       type = "AWS"
       identifiers = compact([
         module.create-doc-ref-lambda.lambda_execution_role_arn,
-        local.is_production ? null : module.post-document-references-fhir-lambda.lambda_execution_role_arn
+        local.is_production ? null : module.post_document_reference_fhir_lambda.lambda_execution_role_arn
       ])
     }
   }
@@ -140,7 +140,7 @@ data "aws_iam_policy_document" "assume_role_policy_for_get_doc_ref_lambda" {
 
     principals {
       type        = "AWS"
-      identifiers = [module.get-doc-fhir-lambda.lambda_execution_role_arn]
+      identifiers = [module.get_document_reference_fhir_lambda.lambda_execution_role_arn]
     }
   }
 }

@@ -1,26 +1,9 @@
-resource "aws_api_gateway_resource" "get_document_reference" {
-  rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  parent_id   = module.fhir_document_reference_gateway[0].gateway_resource_id
-  path_part   = "{id}"
-}
-
 resource "aws_api_gateway_resource" "get_document_reference_mtls" {
   rest_api_id = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
   parent_id   = module.fhir_document_reference_mtls_gateway.gateway_resource_id
   path_part   = "{id}"
 }
 
-resource "aws_api_gateway_method" "get_document_reference" {
-  rest_api_id      = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id      = aws_api_gateway_resource.get_document_reference.id
-  http_method      = "GET"
-  authorization    = "NONE"
-  api_key_required = true
-  request_parameters = {
-    "method.request.path.id" = true
-  }
-}
-
 resource "aws_api_gateway_method" "get_document_reference_mtls" {
   rest_api_id   = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
   resource_id   = aws_api_gateway_resource.get_document_reference_mtls.id
@@ -32,10 +15,10 @@ resource "aws_api_gateway_method" "get_document_reference_mtls" {
 }
 
 
-module "get-doc-fhir-lambda" {
+module "get_document_reference_fhir_lambda" {
   source  = "./modules/lambda"
-  name    = "GetDocumentReference"
-  handler = "handlers.get_fhir_document_reference_handler.lambda_handler"
+  name    = "GetDocumentReferenceFhir"
+  handler = "handlers.get_document_reference_fhir_handler.lambda_handler"
   iam_role_policy_documents = [
     module.ndr-app-config.app_config_policy,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
@@ -45,10 +28,10 @@ module "get-doc-fhir-lambda" {
     module.pdm-document-store.s3_read_policy_document,
   ]
   kms_deletion_window = var.kms_deletion_window
-  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id         = aws_api_gateway_resource.get_document_reference.id
+  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  resource_id         = aws_api_gateway_resource.get_document_reference_mtls.id
   http_methods        = ["GET"]
-  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
+  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn
   lambda_environment_variables = {
     APPCONFIG_APPLICATION      = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT      = module.ndr-app-config.app_config_environment_id
@@ -62,32 +45,6 @@ module "get-doc-fhir-lambda" {
     CLOUDFRONT_URL             = module.cloudfront-distribution-lg.cloudfront_url
     PDS_FHIR_IS_STUBBED        = local.is_sandbox
   }
-  depends_on = [
-    aws_api_gateway_method.get_document_reference,
-    module.pdm_dynamodb_table,
-    module.lloyd_george_reference_dynamodb_table,
-  ]
-}
-
-resource "aws_api_gateway_integration" "get_doc_fhir_lambda_integration" {
-  rest_api_id             = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
-  resource_id             = aws_api_gateway_resource.get_document_reference_mtls.id
-  http_method             = "GET"
-  integration_http_method = "POST"
-  type                    = "AWS_PROXY"
-  uri                     = module.get-doc-fhir-lambda.invoke_arn
-
   depends_on = [aws_api_gateway_method.get_document_reference_mtls]
-
-}
-
-resource "aws_lambda_permission" "lambda_permission_get_mtls_api" {
-  statement_id  = "AllowAPImTLSGatewayInvoke"
-  action        = "lambda:InvokeFunction"
-  function_name = module.get-doc-fhir-lambda.lambda_arn
-  principal     = "apigateway.amazonaws.com"
-  # The "/*/*" portion grants access from any method on any resource
-  # within the API Gateway REST API.
-  source_arn = "${aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn}/*/*"
 }
 
@@ -1,7 +1,7 @@
-module "post-document-references-fhir-lambda" {
+module "post_document_reference_fhir_lambda" {
   source  = "./modules/lambda"
-  name    = "PostDocumentReferencesFHIR"
-  handler = "handlers.post_fhir_document_reference_handler.lambda_handler"
+  name    = "PostDocumentReferenceFhir"
+  handler = "handlers.post_document_reference_fhir_handler.lambda_handler"
   iam_role_policy_documents = [
     module.document_reference_dynamodb_table.dynamodb_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
@@ -11,10 +11,10 @@ module "post-document-references-fhir-lambda" {
     aws_iam_policy.ssm_access_policy.policy
   ]
   kms_deletion_window = var.kms_deletion_window
-  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id         = module.fhir_document_reference_gateway[0].gateway_resource_id
+  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  resource_id         = module.fhir_document_reference_mtls_gateway.gateway_resource_id
   http_methods        = ["POST"]
-  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
+  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn
   lambda_environment_variables = {
     APPCONFIG_APPLICATION           = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT           = module.ndr-app-config.app_config_environment_id
@@ -33,26 +33,3 @@ module "post-document-references-fhir-lambda" {
     module.lloyd_george_reference_dynamodb_table,
   ]
 }
-
-resource "aws_api_gateway_integration" "post_doc_fhir_lambda_integration" {
-  rest_api_id             = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
-  resource_id             = module.fhir_document_reference_mtls_gateway.gateway_resource_id
-  http_method             = "POST"
-  integration_http_method = "POST"
-  type                    = "AWS_PROXY"
-  uri                     = module.post-document-references-fhir-lambda.invoke_arn
-
-  depends_on = [module.fhir_document_reference_mtls_gateway]
-
-}
-
-resource "aws_lambda_permission" "lambda_permission_post_mtls_api" {
-  statement_id  = "AllowAPImTLSGatewayInvoke"
-  action        = "lambda:InvokeFunction"
-  function_name = module.post-document-references-fhir-lambda.lambda_arn
-  principal     = "apigateway.amazonaws.com"
-  # The "/*/*" portion grants access from any method on any resource
-  # within the API Gateway REST API.
-  source_arn = "${aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn}/*/*"
-}
-
@@ -1,7 +1,7 @@
-module "search-document-references-fhir-lambda" {
+module "search_document_reference_fhir_lambda" {
   source  = "./modules/lambda"
-  name    = "SearchDocumentReferencesFHIR"
-  handler = "handlers.fhir_document_reference_search_handler.lambda_handler"
+  name    = "SearchDocumentReferenceFhir"
+  handler = "handlers.search_document_reference_fhir_handler.lambda_handler"
   iam_role_policy_documents = [
     module.document_reference_dynamodb_table.dynamodb_read_policy_document,
     module.document_reference_dynamodb_table.dynamodb_write_policy_document,
@@ -14,10 +14,10 @@ module "search-document-references-fhir-lambda" {
     module.ndr-app-config.app_config_policy
   ]
   kms_deletion_window = var.kms_deletion_window
-  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id
-  resource_id         = module.fhir_document_reference_gateway[0].gateway_resource_id
+  rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
+  resource_id         = module.fhir_document_reference_mtls_gateway.gateway_resource_id
   http_methods        = ["GET"]
-  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api.execution_arn
+  api_execution_arn   = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn
   lambda_environment_variables = {
     APPCONFIG_APPLICATION           = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT           = module.ndr-app-config.app_config_environment_id
@@ -34,25 +34,3 @@ module "search-document-references-fhir-lambda" {
     module.lloyd_george_reference_dynamodb_table,
   ]
 }
-
-resource "aws_api_gateway_integration" "search_doc_fhir_lambda_integration" {
-  rest_api_id             = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
-  resource_id             = module.fhir_document_reference_mtls_gateway.gateway_resource_id
-  http_method             = "GET"
-  integration_http_method = "POST"
-  type                    = "AWS_PROXY"
-  uri                     = module.search-document-references-fhir-lambda.invoke_arn
-
-  depends_on = [module.fhir_document_reference_mtls_gateway]
-}
-
-resource "aws_lambda_permission" "lambda_permission_search_mtls_api" {
-  statement_id  = "AllowMtlsApiGatewayInvoke"
-  action        = "lambda:InvokeFunction"
-  function_name = module.search-document-references-fhir-lambda.lambda_arn
-  principal     = "apigateway.amazonaws.com"
-  # The "/*/*" portion grants access from any method on any resource
-  # within the API Gateway REST API.
-  source_arn = "${aws_api_gateway_rest_api.ndr_doc_store_api_mtls.execution_arn}/*/*"
-}
-
@@ -24,61 +24,91 @@ moved {
   to   = module.document-status-check-alarm-topic
 }
 
-#NDR-205
+#NDR-233
+moved {
+  from = module.search-document-references-fhir-lambda.aws_iam_role.lambda_execution_role
+  to   = module.search_document_references_fhir_lambda.aws_iam_role.lambda_execution_role
+}
+
+moved {
+  from = module.search-document-references-fhir-lambda.aws_cloudwatch_log_group.lambda_logs[0]
+  to   = module.search_document_references_fhir_lambda.aws_cloudwatch_log_group.lambda_logs[0]
+}
+
+moved {
+  from = module.search-document-references-fhir-lambda.aws_lambda_function.lambda
+  to   = module.search_document_references_fhir_lambda.aws_lambda_function.lambda
+}
+
+moved {
+  from = module.search-document-references-fhir-lambda.aws_kms_alias.lambda
+  to   = module.search_document_references_fhir_lambda.aws_kms_alias.lambda
+}
+
+moved {
+  from = module.search-document-references-fhir-lambda.aws_iam_policy.combined_policies
+  to   = module.search_document_references_fhir_lambda.aws_iam_policy.combined_policies
+}
 
 moved {
-  from = module.post-document-references-fhir-lambda[0].aws_iam_role.lambda_execution_role
-  to   = module.post-document-references-fhir-lambda.aws_iam_role.lambda_execution_role
+  from = module.search-document-references-fhir-lambda.aws_lambda_permission.lambda_permission[0]
+  to   = module.search_document_references_fhir_lambda.aws_lambda_permission.lambda_permission[0]
 }
 
 moved {
-  from = module.post-document-references-fhir-lambda[0].aws_cloudwatch_log_group.lambda_logs[0]
-  to   = module.post-document-references-fhir-lambda.aws_cloudwatch_log_group.lambda_logs[0]
+  from = module.post-document-references-fhir-lambda.aws_iam_role.lambda_execution_role
+  to   = module.post_document_references_fhir_lambda.aws_iam_role.lambda_execution_role
 }
 
 moved {
-  from = module.post-document-references-fhir-lambda[0].aws_lambda_function.lambda
-  to   = module.post-document-references-fhir-lambda.aws_lambda_function.lambda
+  from = module.post-document-references-fhir-lambda.aws_cloudwatch_log_group.lambda_logs[0]
+  to   = module.post_document_references_fhir_lambda.aws_cloudwatch_log_group.lambda_logs[0]
 }
 
 moved {
-  from = module.post-document-references-fhir-lambda[0].aws_kms_alias.lambda
-  to   = module.post-document-references-fhir-lambda.aws_kms_alias.lambda
+  from = module.post-document-references-fhir-lambda.aws_lambda_function.lambda
+  to   = module.post_document_references_fhir_lambda.aws_lambda_function.lambda
 }
+
+moved {
+  from = module.post-document-references-fhir-lambda.aws_kms_alias.lambda
+  to   = module.post_document_references_fhir_lambda.aws_kms_alias.lambda
+}
+
 moved {
-  from = module.post-document-references-fhir-lambda[0].aws_iam_policy.combined_policies
-  to   = module.post-document-references-fhir-lambda.aws_iam_policy.combined_policies
+  from = module.post-document-references-fhir-lambda.aws_iam_policy.combined_policies
+  to   = module.post_document_references_fhir_lambda.aws_iam_policy.combined_policies
 }
 
 moved {
-  from = module.post-document-references-fhir-lambda[0].aws_lambda_permission.lambda_permission[0]
-  to   = module.post-document-references-fhir-lambda.aws_lambda_permission.lambda_permission[0]
+  from = module.post-document-references-fhir-lambda.aws_lambda_permission.lambda_permission[0]
+  to   = module.post_document_references_fhir_lambda.aws_lambda_permission.lambda_permission[0]
 }
 
 moved {
-  from = module.get-doc-fhir-lambda[0].aws_iam_role.lambda_execution_role
-  to   = module.get-doc-fhir-lambda.aws_iam_role.lambda_execution_role
+  from = module.get-doc-fhir-lambda.aws_iam_role.lambda_execution_role
+  to   = module.get_document_reference_fhir_lambda.aws_iam_role.lambda_execution_role
 }
 
 moved {
-  from = module.get-doc-fhir-lambda[0].aws_cloudwatch_log_group.lambda_logs[0]
-  to   = module.get-doc-fhir-lambda.aws_cloudwatch_log_group.lambda_logs[0]
+  from = module.get-doc-fhir-lambda.aws_cloudwatch_log_group.lambda_logs[0]
+  to   = module.get_document_reference_fhir_lambda.aws_cloudwatch_log_group.lambda_logs[0]
 }
 
 moved {
-  from = module.get-doc-fhir-lambda[0].aws_lambda_function.lambda
-  to   = module.get-doc-fhir-lambda.aws_lambda_function.lambda
+  from = module.get-doc-fhir-lambda.aws_lambda_function.lambda
+  to   = module.get_document_reference_fhir_lambda.aws_lambda_function.lambda
 }
 moved {
-  from = module.get-doc-fhir-lambda[0].aws_kms_alias.lambda
-  to   = module.get-doc-fhir-lambda.aws_kms_alias.lambda
+  from = module.get-doc-fhir-lambda.aws_kms_alias.lambda
+  to   = module.get_document_reference_fhir_lambda.aws_kms_alias.lambda
 }
 moved {
-  from = module.get-doc-fhir-lambda[0].aws_iam_policy.combined_policies
-  to   = module.get-doc-fhir-lambda.aws_iam_policy.combined_policies
+  from = module.get-doc-fhir-lambda.aws_iam_policy.combined_policies
+  to   = module.get_document_reference_fhir_lambda.aws_iam_policy.combined_policies
 }
 
 moved {
-  from = module.get-doc-fhir-lambda[0].aws_lambda_permission.lambda_permission[0]
-  to   = module.get-doc-fhir-lambda.aws_lambda_permission.lambda_permission[0]
+  from = module.get-doc-fhir-lambda.aws_lambda_permission.lambda_permission[0]
+  to   = module.get_document_reference_fhir_lambda.aws_lambda_permission.lambda_permission[0]
 }