Findings
AppSync introspection endpoint enabled
Updated: June 19, 2025
Description
The AppSync GraphQL API has introspection enabled.
With introspection enabled, unauthorized users could gain valuable insights into the API's schema, leading to an increased risk of attacks such as unauthorized access, data exposure, or malicious API manipulation. This weakens the security of the AppSync API, potentially exposing sensitive backend services and data to exploitation.
Example Attack
An attacker could leverage the introspection feature to query the AppSync GraphQL schema, revealing detailed information about the API's underlying data models and relationships. Armed with this knowledge, they might craft specific queries to access unauthorized data or manipulate API operations. For instance, if sensitive user data is exposed through the API's schema, the attacker could potentially query for private information without authorization, leading to data leaks or breaches. Disabling introspection eliminates this attack vector, safeguarding the API and its data.
Remediation
Disable introspection on the AppSync GraphQL API to prevent unauthorized users from accessing schema details and reduce the risk of exploitation.
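As an added example (not part of this finding page), the following Python audit flags every AppSync API whose introspectionConfig is not DISABLED, working on the response shape of the AppSync ListGraphqlApis call, and prints the update-graphql-api command that remediates each one. The sample response is constructed; the live audit assumes boto3 and AWS credentials are available.

```python
from typing import Dict, List, Optional

# Constructed sample in the shape of `aws appsync list-graphql-apis` output.
SAMPLE_RESPONSE = {
    "graphqlApis": [
        {"apiId": "abc123", "name": "orders-api",
         "authenticationType": "AMAZON_COGNITO_USER_POOLS", "introspectionConfig": "ENABLED"},
        {"apiId": "def456", "name": "billing-api",
         "authenticationType": "AWS_IAM", "introspectionConfig": "DISABLED"},
        # introspectionConfig never set: AppSync treats it as ENABLED
        {"apiId": "ghi789", "name": "legacy-api", "authenticationType": "API_KEY"},
    ]
}

def introspection_enabled(api: Dict) -> bool:
    """True unless the API was explicitly set to DISABLED (the AppSync default is ENABLED)."""
    return api.get("introspectionConfig", "ENABLED").upper() != "DISABLED"

def find_exposed_apis(response: Dict) -> List[Dict]:
    """Return the API records that would still answer __schema/__type queries."""
    return [api for api in response.get("graphqlApis", []) if introspection_enabled(api)]

def remediation_command(api: Dict) -> str:
    """CLI call that disables introspection. UpdateGraphqlApi also requires name and
    authenticationType, so they are re-sent unchanged from the listing."""
    return (
        f"aws appsync update-graphql-api --api-id {api['apiId']} "
        f"--name {api['name']} --authentication-type {api['authenticationType']} "
        "--introspection-config DISABLED"
    )

def live_audit(region: Optional[str] = None) -> List[Dict]:
    """Page through every API in the account (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the offline checks carry no AWS dependency
    client = boto3.client("appsync", region_name=region)
    apis, kwargs = [], {}
    while True:
        page = client.list_graphql_apis(**kwargs)
        apis.extend(page.get("graphqlApis", []))
        if "nextToken" not in page:
            return find_exposed_apis({"graphqlApis": apis})
        kwargs["nextToken"] = page["nextToken"]

if __name__ == "__main__":
    for api in find_exposed_apis(SAMPLE_RESPONSE):
        print(f"[FINDING] {api['name']} ({api['apiId']}): introspection enabled")
        print("  fix:", remediation_command(api))
```

Note that an API with no introspectionConfig value at all is reported, since AppSync leaves introspection enabled until it is explicitly set to DISABLED.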