Findings

AppSync GraphQL API query depth limit high

Updated: June 19, 2025

Description

Severity: Medium

The AppSync GraphQL API has a high query depth limit.

A high query depth limit increases the risk of performance bottlenecks, leading to slow responses or potential outages. Attackers, or even legitimate users by accident, could issue complex, deeply nested queries that overload the system, consuming excessive resources and reducing the overall availability and responsiveness of the API.

Remediation

Set a query depth limit on the AppSync GraphQL API to less than 10.
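The check behind this finding, written here as an added example rather than the scanner's own code: it classifies AppSync API descriptions (the `GraphqlApi` shape returned by `list_graphql_apis` / `get_graphql_api`, where `queryDepthLimit` absent or 0 means no limit) against the "less than 10" threshold, and builds the `update_graphql_api` parameters for remediation. The `SAMPLE_APIS` data and the `api-*` ids are constructed; `scan_account` assumes boto3 and AWS credentials are available.

```python
from typing import Any, Dict, Iterable, List

MAX_ALLOWED_DEPTH = 9  # the finding asks for a limit of less than 10


def evaluate_query_depth_limit(api: Dict[str, Any], max_allowed: int = MAX_ALLOWED_DEPTH) -> str:
    """Classify one GraphqlApi description.

    AppSync treats an absent or zero queryDepthLimit as "no limit"; a
    configured limit is 1..75.  Returns PASS, FAIL_HIGH or FAIL_UNSET.
    """
    limit = api.get("queryDepthLimit") or 0
    if limit <= 0:
        return "FAIL_UNSET"   # no depth limit at all (the sibling "not set" finding)
    if limit > max_allowed:
        return "FAIL_HIGH"    # this finding: limit is 10 or more
    return "PASS"


def find_noncompliant(apis: Iterable[Dict[str, Any]], max_allowed: int = MAX_ALLOWED_DEPTH) -> List[Dict[str, Any]]:
    """Return a finding record for every API that does not PASS."""
    findings = []
    for api in apis:
        status = evaluate_query_depth_limit(api, max_allowed)
        if status != "PASS":
            findings.append({"apiId": api.get("apiId", "?"), "name": api.get("name", "?"),
                             "queryDepthLimit": api.get("queryDepthLimit", 0), "status": status})
    return findings


def remediation_params(api: Dict[str, Any], new_limit: int = MAX_ALLOWED_DEPTH) -> Dict[str, Any]:
    """Build kwargs for appsync.update_graphql_api(); name and authenticationType are required
    by that call, so they are carried over unchanged from the existing description."""
    return {"apiId": api["apiId"], "name": api["name"],
            "authenticationType": api["authenticationType"], "queryDepthLimit": new_limit}


def scan_account(region: str = "us-east-1") -> List[Dict[str, Any]]:
    """Enumerate every AppSync API in the region and report the non-compliant ones."""
    import boto3  # assumption: boto3 is installed and credentials are configured
    client = boto3.client("appsync", region_name=region)
    apis: List[Dict[str, Any]] = []
    for page in client.get_paginator("list_graphql_apis").paginate():
        apis.extend(page.get("graphqlApis", []))
    return find_noncompliant(apis)


# Constructed sample data (not from a real account): one too high, one compliant, one unset.
SAMPLE_APIS = [
    {"apiId": "api-a", "name": "orders", "authenticationType": "API_KEY", "queryDepthLimit": 25},
    {"apiId": "api-b", "name": "catalog", "authenticationType": "AWS_IAM", "queryDepthLimit": 8},
    {"apiId": "api-c", "name": "legacy", "authenticationType": "API_KEY"},
]

if __name__ == "__main__":
    for finding in find_noncompliant(SAMPLE_APIS):
        print(finding)
```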
