diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json new file mode 100644 index 0000000000000..8202fda5ae125 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "apiDefaultTestDeployAssert018781F2.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/integ.json new file mode 100644 index 0000000000000..1c3707aa5a091 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "api/DefaultTest": { + "stacks": [ + "stack" + ], + "assertionStack": "api/DefaultTest/DeployAssert", + "assertionStackName": "apiDefaultTestDeployAssert018781F2" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/manifest.json new file mode 100644 index 0000000000000..7c691b1ab7250 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/manifest.json @@ -0,0 +1,131 @@ +{ + "version": "36.0.0", + "artifacts": { + "stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "stack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/4a4743ab86ffb5a36ee7fe130a71132db740f65aa7f4c6b86ca1155f8b488b7e.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "stack.assets" + ], + "metadata": { + "/stack/ApiLimitConfigs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ApiLimitConfigsC74D7493" + } + ], + "/stack/ApiLimitConfigs/Schema": [ + { + "type": "aws:cdk:logicalId", + "data": "ApiLimitConfigsSchema1451D8D1" + } + ], + "/stack/ApiLimitConfigs/DefaultApiKey": [ + { + "type": "aws:cdk:logicalId", + "data": "ApiLimitConfigsDefaultApiKey7D682F04" + } + ], + "/stack/ApiLimitConfigs/NoneDS/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ApiLimitConfigsNoneDS3CA3BDA6" + } + ], + "/stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "stack" + }, + "apiDefaultTestDeployAssert018781F2.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "apiDefaultTestDeployAssert018781F2.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "apiDefaultTestDeployAssert018781F2": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "apiDefaultTestDeployAssert018781F2.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "apiDefaultTestDeployAssert018781F2.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "apiDefaultTestDeployAssert018781F2.assets" + ], + "metadata": { + "/api/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/api/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "api/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/stack.assets.json new file mode 100644 index 0000000000000..bb30ac7514210 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/stack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "4a4743ab86ffb5a36ee7fe130a71132db740f65aa7f4c6b86ca1155f8b488b7e": { + "source": { + "path": "stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "4a4743ab86ffb5a36ee7fe130a71132db740f65aa7f4c6b86ca1155f8b488b7e.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/stack.template.json new file mode 100644 index 0000000000000..5c0a093e92174 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/stack.template.json @@ -0,0 +1,86 @@ +{ + "Resources": { + "ApiLimitConfigsC74D7493": { + "Type": "AWS::AppSync::GraphQLApi", + "Properties": { + "AuthenticationType": "API_KEY", + "Name": "ApiLimitConfigs", + "QueryDepthLimit": 2, + "ResolverCountLimit": 2 + } + }, + "ApiLimitConfigsSchema1451D8D1": { + "Type": "AWS::AppSync::GraphQLSchema", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "ApiLimitConfigsC74D7493", + "ApiId" + ] + }, + "Definition": "type test {\n version: String!\n}\ntype Query {\n getTests: [test]!\n}\ntype Mutation {\n addTest(version: String!): test\n}\n" + } + }, + "ApiLimitConfigsDefaultApiKey7D682F04": { + "Type": "AWS::AppSync::ApiKey", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "ApiLimitConfigsC74D7493", + "ApiId" + ] + } + }, + "DependsOn": [ + "ApiLimitConfigsSchema1451D8D1" + ] + }, + "ApiLimitConfigsNoneDS3CA3BDA6": { + "Type": "AWS::AppSync::DataSource", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "ApiLimitConfigsC74D7493", + "ApiId" + ] + }, + "Name": "NoneDS", + "Type": "NONE" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/tree.json new file mode 100644 index 0000000000000..7990b054a38cd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.js.snapshot/tree.json @@ -0,0 +1,206 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "stack": { + "id": "stack", + "path": "stack", + "children": { + "ApiLimitConfigs": { + "id": "ApiLimitConfigs", + "path": "stack/ApiLimitConfigs", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/ApiLimitConfigs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLApi", + "aws:cdk:cloudformation:props": { + "authenticationType": "API_KEY", + "name": "ApiLimitConfigs", + "queryDepthLimit": 2, + "resolverCountLimit": 2 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLApi", + "version": "0.0.0" + } + }, + "Schema": { + "id": "Schema", + "path": "stack/ApiLimitConfigs/Schema", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLSchema", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "ApiLimitConfigsC74D7493", + "ApiId" + ] + }, + "definition": "type test {\n version: String!\n}\ntype Query {\n getTests: [test]!\n}\ntype Mutation {\n addTest(version: String!): test\n}\n" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLSchema", + "version": "0.0.0" + } + }, + "DefaultApiKey": { + "id": "DefaultApiKey", + "path": "stack/ApiLimitConfigs/DefaultApiKey", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::ApiKey", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "ApiLimitConfigsC74D7493", + "ApiId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnApiKey", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "stack/ApiLimitConfigs/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "NoneDS": { + "id": "NoneDS", + "path": "stack/ApiLimitConfigs/NoneDS", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/ApiLimitConfigs/NoneDS/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::DataSource", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "ApiLimitConfigsC74D7493", + "ApiId" + ] + }, + "name": "NoneDS", + "type": "NONE" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnDataSource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.NoneDataSource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.GraphqlApi", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "api": { + "id": "api", + "path": "api", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "api/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "api/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "api/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "api/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "api/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.ts new file mode 100644 index 0000000000000..62832101c5411 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-limit-configs.ts @@ -0,0 +1,24 @@ +import * as path from 'path'; +import * as cdk from 'aws-cdk-lib'; +import * as appsync from 'aws-cdk-lib/aws-appsync'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'stack'); + +const api = new appsync.GraphqlApi(stack, 'ApiLimitConfigs', { + name: 'ApiLimitConfigs', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + queryDepthLimit: 2, + resolverCountLimit: 2, +}); + +api.addNoneDataSource('NoneDS', { + name: cdk.Lazy.string({ produce(): string { return 'NoneDS'; } }), +}); + +new IntegTest(app, 'api', { + testCases: [stack], +}); + +app.synth(); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-appsync/README.md b/packages/aws-cdk-lib/aws-appsync/README.md index 119b139ff0721..c001eb67b121a 100644 --- a/packages/aws-cdk-lib/aws-appsync/README.md +++ b/packages/aws-cdk-lib/aws-appsync/README.md @@ -757,6 +757,33 @@ const api = new appsync.GraphqlApi(this, 'api', { }); ``` +## Query Depth Limits + +By default, queries are able to process an unlimited amount of nested levels. +Limiting queries to a specified amount of nested levels has potential implications for the performance and flexibility of your project. + +```ts +const api = new appsync.GraphqlApi(this, 'api', { + name: 'LimitQueryDepths', + definition: appsync.Definition.fromFile(path.join(__dirname, 'appsync.schema.graphql')), + queryDepthLimit: 2, +}); +``` + +## Resolver Count Limits + +You can control how many resolvers each query can process. +By default, each query can process up to 10000 resolvers. +By setting a limit AppSync will not handle any resolvers past a certain number limit. + +```ts +const api = new appsync.GraphqlApi(this, 'api', { + name: 'LimitResolverCount', + definition: appsync.Definition.fromFile(path.join(__dirname, 'appsync.schema.graphql')), + resolverCountLimit: 2, +}); +``` + ## Environment Variables To use environment variables in resolvers, you can use the `environmentVariables` property and diff --git a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts index 75420814843b7..0c3d28173941d 100644 --- a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts +++ b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts @@ -443,6 +443,22 @@ export interface GraphqlApiProps { */ readonly introspectionConfig?: IntrospectionConfig; + /** + * A number indicating the maximum depth resolvers should be accepted when handling queries. + * Value must be withing range of 0 to 75 + * + * @default - The default value is 0 (or unspecified) which indicates no maximum depth. + */ + readonly queryDepthLimit?: number; + + /** + * A number indicating the maximum number of resolvers that should be accepted when handling queries. + * Value must be withing range of 0 to 10000 + * + * @default - The default value is 0 (or unspecified), which will set the limit to 10000 + */ + readonly resolverCountLimit?: number; + /** * A map containing the list of resources with their properties and environment variables. * @@ -594,6 +610,13 @@ export class GraphqlApi extends GraphqlApiBase { if ((props.schema !== undefined) === (props.definition !== undefined)) { throw new Error('You cannot specify both properties schema and definition.'); } + if (props.queryDepthLimit !== undefined && (props.queryDepthLimit < 0 || props.queryDepthLimit > 75)) { + throw new Error('You must specify a query depth limit between 0 and 75.'); + } + if (props.resolverCountLimit !== undefined && (props.resolverCountLimit < 0 || props.resolverCountLimit > 10000)) { + throw new Error('You must specify a resolver count limit between 0 and 10000.'); + } + this.definition = props.schema ? Definition.fromSchema(props.schema) : props.definition!; if (this.definition.sourceApiOptions) { @@ -620,6 +643,8 @@ export class GraphqlApi extends GraphqlApiBase { mergedApiExecutionRoleArn: this.mergedApiExecutionRole?.roleArn, apiType: this.definition.sourceApiOptions ? 'MERGED' : undefined, introspectionConfig: props.introspectionConfig, + queryDepthLimit: props.queryDepthLimit, + resolverCountLimit: props.resolverCountLimit, environmentVariables: Lazy.any({ produce: () => this.renderEnvironmentVariables() }), }); diff --git a/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts b/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts index ee7e2bf9707b4..015491c97e891 100644 --- a/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts +++ b/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts @@ -313,4 +313,61 @@ test('when introspectionConfig is set it should be used when creating the API', Template.fromStack(stack).hasResourceProperties('AWS::AppSync::GraphQLApi', { IntrospectionConfig: 'DISABLED', }); +}); + +test('when query limits are set, they should be used on API', () => { + // WHEN + new appsync.GraphqlApi(stack, 'query-limits', { + authorizationConfig: {}, + name: 'query-limits', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + queryDepthLimit: 2, + resolverCountLimit: 2, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppSync::GraphQLApi', { + QueryDepthLimit: 2, + ResolverCountLimit: 2, + }); +}); + +test('when query depth limit is out of range, it throws an error', () => { + + const errorString = 'You must specify a query depth limit between 0 and 75.'; + + const buildWithLimit = (name, queryDepthLimit) => { + new appsync.GraphqlApi(stack, name, { + authorizationConfig: {}, + name: 'query-limits', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + queryDepthLimit, + }); + }; + + expect(() => buildWithLimit('query-limit-low', -1)).toThrow(errorString); + expect(() => buildWithLimit('query-limit-min', 0)).not.toThrow(errorString); + expect(() => buildWithLimit('query-limit-max', 75)).not.toThrow(errorString); + expect(() => buildWithLimit('query-limit-high', 76)).toThrow(errorString); + +}); + +test('when resolver limit is out of range, it throws an error', () => { + + const errorString = 'You must specify a resolver count limit between 0 and 10000.'; + + const buildWithLimit = (name, resolverCountLimit) => { + new appsync.GraphqlApi(stack, name, { + authorizationConfig: {}, + name: 'query-limits', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + resolverCountLimit, + }); + }; + + expect(() => buildWithLimit('resolver-limit-low', -1)).toThrow(errorString); + expect(() => buildWithLimit('resolver-limit-min', 0)).not.toThrow(errorString); + expect(() => buildWithLimit('resolver-limit-max', 10000)).not.toThrow(errorString); + expect(() => buildWithLimit('resolver-limit-high', 10001)).toThrow(errorString); + }); \ No newline at end of file