AWS API Gateway, "HTTP status regex" in "Integration Response" cannot match any string

Question

Some background info: my setting is browser -> api gateway -> ec2 (using spring mvc).
I want to return http status other than 200. After having lot of search in google, I know that I have make some configurations on api gatway. And the followings are my configurations:

1. In Method Response, add http status 400
2. In Integration Response -> HTTP status regex, add .*httpStatus":400.*
3. In ec2 (using spring mvc), I always return http status 400 with the following json as response body (for testing)

   {
   "errorMessage": "{\"errorType\":\"Bad Request\",\"requestId\":\"12345\",\"httpStatus\":400,\"message\":\"you got error\"}"
   }

However, when I test the api (using the "test" button in api gateway), it still return http status 200. (I expect it should be 400)
When I change the regex to .*400.* , it return http status 400 as expected.
When I change the regex to .*httpStatus.* , it return http status 200. (I expect it should be 400)

Why can't the regex .*httpStatus":400.* recognize my json? Even I simpler the regex to .*httpStatus.*.
But the regex .*400.* can recognize the int 400 ...

PS: I never forget to deploy the api after any changes on api gateway

Here is the log

Execution log for request test-request  
Wed Jul 13 15:38:22 UTC 2016 : Starting execution for request: test-invoke-request  
Wed Jul 13 15:38:22 UTC 2016 : HTTP Method: POST, Resource Path: /graphql  
Wed Jul 13 15:38:22 UTC 2016 : Method request path: {}  
Wed Jul 13 15:38:22 UTC 2016 : Method request query string: {}  
Wed Jul 13 15:38:22 UTC 2016 : Method request headers: {}  
Wed Jul 13 15:38:22 UTC 2016 : Method request body before transformations: null  
Wed Jul 13 15:38:22 UTC 2016 : Endpoint request URI: http://awseb-e-e-AWSEBLoa-1OSQBKG0O3J75-968940376.ap-northeast-1.elb.amazonaws.com/graphql  
Wed Jul 13 15:38:22 UTC 2016 : Endpoint request headers: {x-amzn-apigateway-api-id=kymhygbqwa, Accept=application/json, User-Agent=AmazonAPIGateway_kymhygbqwa}  
Wed Jul 13 15:38:22 UTC 2016 : Endpoint request body after transformations: null  
Wed Jul 13 15:38:22 UTC 2016 : Endpoint response body before transformations: {"errorMessage":"{\"errorType\":\"Bad Request\",\"requestId\":\"12345\",\"httpStatus\":400,\"message\":\"you got error\"}"}  
Wed Jul 13 15:38:22 UTC 2016 : Endpoint response headers: {date=Wed, 13 Jul 2016 15:38:22 GMT, server=Apache-Coyote/1.1, expires=0, transfer-encoding=chunked, access-control-allow-headers=Origin, X-Requested-With, Content-Type, Accept, x-frame-options=DENY, access-control-allow-methods=POST, GET, PUT, OPTIONS, DELETE, pragma=no-cache, access-control-allow-origin=*, access-control-max-age=3600, x-content-type-options=nosniff, x-xss-protection=1; mode=block, content-type=application/json;charset=UTF-8, connection=keep-alive, cache-control=no-cache, no-store, max-age=0, must-revalidate}  
Wed Jul 13 15:38:22 UTC 2016 : Method response body after transformations: {"errorMessage":"{\"errorType\":\"Bad Request\",\"requestId\":\"12345\",\"httpStatus\":400,\"message\":\"you got error\"}"}  
Wed Jul 13 15:38:22 UTC 2016 : Method response headers: {Content-Type=application/json}  
Wed Jul 13 15:38:22 UTC 2016 : Successfully completed execution  
Wed Jul 13 15:38:22 UTC 2016 : Method completed with status: 200  

Answer 1

You're missing one key element:

For HTTP and AWS integrations, the error pattern is matched against the HTTP status code of the integration response. For Lambda "invoke" integrations, the error pattern against the the "errorMessage" field in the response.

You will need to use the response status code from your SpringMVC endpoint to control the API Gateway response.

For reference, this nugget of wisdom is buried in section 5.b here:

See also, a blog post on some of the finer points of error mapping here