From d796dcffd6325f4ff053337e88b028c4c5e5a39d Mon Sep 17 00:00:00 2001
From: Shweta <216860557+shweta-nhs@users.noreply.github.com>
Date: Tue, 12 Aug 2025 10:46:58 +0100
Subject: [PATCH] ELI-397: AWS api gateway to handle bad request param error

---
 .../stacks/api-layer/patient_check.tf         | 51 ++++++++++++++++---
 1 file changed, 45 insertions(+), 6 deletions(-)

diff --git a/infrastructure/stacks/api-layer/patient_check.tf b/infrastructure/stacks/api-layer/patient_check.tf
index a0cf18a8e..030e69a65 100644
--- a/infrastructure/stacks/api-layer/patient_check.tf
+++ b/infrastructure/stacks/api-layer/patient_check.tf
@@ -1,4 +1,3 @@
-
 resource "aws_api_gateway_request_validator" "patient_check_validator" {
   rest_api_id                 = module.eligibility_signposting_api_gateway.rest_api_id
   name                        = "validate-path-params"
@@ -27,12 +26,12 @@ resource "aws_api_gateway_method" "get_patient_check" {
 }
 
 resource "aws_api_gateway_integration" "get_patient_check" {
-  rest_api_id             = module.eligibility_signposting_api_gateway.rest_api_id
-  resource_id             = aws_api_gateway_resource.patient.id
-  http_method             = aws_api_gateway_method.get_patient_check.http_method
+  rest_api_id = module.eligibility_signposting_api_gateway.rest_api_id
+  resource_id = aws_api_gateway_resource.patient.id
+  http_method = aws_api_gateway_method.get_patient_check.http_method
   integration_http_method = "POST" # Needed for lambda proxy integration
-  type                    = "AWS_PROXY"
-  uri                     = module.eligibility_signposting_lambda_function.aws_lambda_invoke_arn
+  type        = "AWS_PROXY"
+  uri         = module.eligibility_signposting_lambda_function.aws_lambda_invoke_arn
 
   depends_on = [
     aws_api_gateway_method.get_patient_check
@@ -47,3 +46,43 @@ resource "aws_lambda_permission" "get_patient_check" {
 
   source_arn = "${module.eligibility_signposting_api_gateway.execution_arn}/*/*"
 }
+
+resource "aws_api_gateway_gateway_response" "bad_request_parameters" {
+  rest_api_id   = module.eligibility_signposting_api_gateway.rest_api_id
+  response_type = "BAD_REQUEST_PARAMETERS"
+  status_code   = "400"
+
+  response_templates = {
+    "application/json" = jsonencode({
+      resourceType = "OperationOutcome"
+      id           = "$context.requestId"
+      meta = {
+        lastUpdated = "$context.requestTime"
+      }
+      issue = [
+        {
+          severity = "error"
+          code     = "invalid"
+          details = {
+            coding = [
+              {
+                system  = "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
+                code    = "BAD_REQUEST",
+                display = "Bad Request"
+              }
+            ]
+          }
+          diagnostics = "Missing required NHS Number from path parameters",
+          location = [
+            "parameters/id"
+          ]
+        }
+      ]
+    })
+  }
+
+  response_parameters = {
+    "gatewayresponse.header.Access-Control-Allow-Origin" = "'*'"
+    "gatewayresponse.header.Content-Type"                = "'application/fhir+json'"
+  }
+}