The AppSync GraphQL API is currently configured with no resolver count limit, effectively allowing an unlimited number of resolvers to be executed in a single query (a resolver count limit of 0). This configuration poses significant risks, as it allows users to construct complex queries that can trigger an excessive number of resolvers simultaneously. This can lead to performance issues, increased latency, and even denial-of-service (DoS) vulnerabilities, especially under heavy load or in the event of an attack. By not limiting the number of resolvers, the API is more susceptible to resource exhaustion, which can severely impact the user experience and overall service availability.
