source link: https://aws.amazon.com/blogs/mobile/control-graphql-execution-complexity-query-depth-and-introspection-with-aws-appsync/
Control GraphQL execution complexity, query depth, and introspection with AWS AppSync
by Brice Pellé and Eric Robertson | on 18 MAR 2024 | in AWS AppSync, Front-End Web & Mobile
This article is written by Erik Yang with contributions from Eric Robertson
AWS AppSync recently announced new configuration options that make it easier for customers to limit how their APIs can be consumed. These options allow customers to set a maximum number of resolvers per query, set a maximum depth of queried data, and disable introspection queries. When APIs are deployed to production, it is important to put safeguards in place to prevent misuse, intentional or otherwise, of the system that has been built. These new configurations are in line with AppSync’s goals to provide the best developer experience for interacting with your data.
In this blog, we will show how these configurations can be used with your AWS AppSync API.
Introspection
AppSync APIs, by default, allow special introspection queries to be run, which provide consumers with data about the schema itself. This can be a very helpful feature that enables a wide variety of use cases for both developers and end users, but it can also raise security concerns when the content of the schema should remain hidden. When configuring your AppSync API, you can now determine whether the introspection feature should be enabled.
This is now possible in the AWS Console, through the AWS Command Line Interface, AWS SDKs, and through AWS CloudFormation. Below is an example using the AWS Console. Introspection is enabled by default, but you can choose to disable it.
When introspection is disabled, a client which uses an introspection query to view the schema will receive validation errors on their query, like below.
When introspection is enabled, introspection queries are permitted to execute.
GraphQL Query Depth Limit
AWS AppSync now lets users set the maximum allowed query depth for a given API. Below, the setting is shown under an API’s configuration page for a given AWS AppSync GraphQL API. When not specified for an API, there is no enforced limit for how deep a query can be resolved.
Below, the depth limit has been set to 2. Any resolver on the 3rd level or lower will return a query depth limit reached error.
Note that fields can be marked as either null-able or non-null-able in the AppSync Schema. If a field is marked as non-null-able and receives an error, that error will propagate upwards to the first null-able field available.
Resolver Count Limit
AWS AppSync now lets users set the maximum number of allowed resolvers to invoke per query. Below is the setting on the API’s configuration page for a given AWS AppSync GraphQL API. When not specified for an API, the limit falls back to the default 10,000 limit for the number of resolvers a query can invoke.
Similar to query depth, when a client sends a request that invokes more resolvers than the limit set by the customer, the query responds with a limit error. Below we have set the resolver count to 2, which means the third resolver below throws an error and does not run.
Summary
Today we demonstrated AWS AppSync’s new API configurations for schema introspection, query depth, and resolver count. Through these fields, customers now have more control over how their API is utilized and can put in place limits to prevent misuse. Try it out today in the AWS AppSync Console.
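The following is an added example, not code from the original article or from AWS: a small audit that flags APIs where the three settings above are left at their permissive defaults. The field names follow the AppSync ListGraphqlApis response; the policy thresholds, function names and sample entries are assumptions of this example.

```python
DEFAULT_RESOLVER_LIMIT = 10_000  # default stated in the article


def audit_api(api, max_depth=10, max_resolvers=500):
    """Return findings for one API entry; the thresholds are this example's policy."""
    findings = []
    # Introspection is enabled by default, so a missing key counts as ENABLED.
    if api.get("introspectionConfig", "ENABLED") != "DISABLED":
        findings.append("introspection enabled")
    # A depth limit that is absent or 0 means no depth limit is enforced.
    depth = api.get("queryDepthLimit") or 0
    if depth == 0:
        findings.append("no query depth limit")
    elif depth > max_depth:
        findings.append(f"query depth limit {depth} exceeds policy {max_depth}")
    # An unset (or 0) resolver count falls back to the default of 10,000.
    resolvers = api.get("resolverCountLimit") or DEFAULT_RESOLVER_LIMIT
    if resolvers > max_resolvers:
        findings.append(f"resolver count limit {resolvers} exceeds policy {max_resolvers}")
    return findings


def fetch_apis(region):
    """List every GraphQL API in a region (needs boto3 and AWS credentials)."""
    import boto3  # imported lazily so the audit logic runs without it
    client = boto3.client("appsync", region_name=region)
    apis, token = [], None
    while True:
        kwargs = {"nextToken": token} if token else {}
        page = client.list_graphql_apis(**kwargs)
        apis.extend(page.get("graphqlApis", []))
        token = page.get("nextToken")
        if not token:
            return apis


# Constructed sample entries, not real APIs.
SAMPLE_APIS = [
    {"name": "orders-prod", "introspectionConfig": "DISABLED",
     "queryDepthLimit": 5, "resolverCountLimit": 100},
    {"name": "legacy", "queryDepthLimit": 0},
    {"name": "search", "introspectionConfig": "ENABLED",
     "queryDepthLimit": 40, "resolverCountLimit": 10000},
]


def audit_all(apis):
    """Map each API name to its list of findings (empty list means compliant)."""
    return {api["name"]: audit_api(api) for api in apis}
```

Against a live account, `audit_all(fetch_apis("us-east-1"))` produces the same report; the region shown is a placeholder.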