Skip to main content

GraphQL Query Limits

Overview

Depot supports configurable GraphQL query limits to protect against oversized or overly complex queries. These limits are enforced by the connector and can be configured via the frontend.graphql property on the Environment construct.

All properties are optional. If a property is not set, default limit is enforced for that dimension.

Configuration

import { Environment } from "@stage-tech/depot-cdk";

new Environment(stack, "MyEnvironment", {
account: { name: "example", id: Aws.ACCOUNT_ID },
name: "example",
frontend: {
graphql: {
maxQueryDepth: 10,
maxQueryComplexity: 100,
maxQueryCharacters: 5000,
}
}
});

Properties

PropertyTypeDescription
maxQueryCharactersnumberMax characters allowed in a query
maxQueryTokensnumberMax tokens allowed in a query
maxWhitespaceTokensnumberMax whitespace tokens in a query
maxRuleDepthnumberMax parser rule depth
maxQueryComplexitynumberMax computed query complexity
maxQueryDepthnumberMax nesting depth of a query
tip

Start with permissive limits and tighten them based on observed query patterns. Setting limits too aggressively may block legitimate queries.