The Task API currently does not validate that a ProjectId given to it in a POST request is valid and exists.
To address this a SNS subscriber needs to be created for listening to project-created events. These events are already being published by the Project API.
The Task API can store the project-created event data in a dedicated ProjectLookup DynamoDB Table. When HTTP POST are made a query against the table can be made to validate the ProjectId delivered is real and can be used.
The project-deleted SNS event handler will need to be updated to delete the Project from the new ProjectLookup table when it is triggered to delete Project Tasks.
The Task API currently does not validate that a
ProjectIdgiven to it in a POST request is valid and exists.To address this a SNS subscriber needs to be created for listening to
project-createdevents. These events are already being published by the Project API.The Task API can store the
project-createdevent data in a dedicatedProjectLookupDynamoDB Table. When HTTP POST are made a query against the table can be made to validate theProjectIddelivered is real and can be used.The
project-deletedSNS event handler will need to be updated to delete the Project from the newProjectLookuptable when it is triggered to delete Project Tasks.