AWS Shield for DDoS protection - Time & Space Complexity
We want to understand how the time to protect your application grows as the number of attacks or requests increases.
Specifically, how does AWS Shield handle more traffic or more attack attempts over time?
Analyze the time complexity of AWS Shield monitoring and mitigation during a DDoS attack.
// AWS Shield automatically monitors incoming traffic
// When attack traffic is detected, it applies mitigation
// Mitigation includes filtering and rate limiting
// This process repeats as long as traffic flows
// AWS Shield integrates with CloudWatch for alerts
This sequence shows AWS Shield continuously monitoring and mitigating attack traffic in real time.
Look at what happens repeatedly during protection.
- Primary operation: Continuous traffic inspection and filtering by AWS Shield.
- How many times: This happens constantly for every packet or request during the attack.
As the number of incoming requests or attack packets increases, AWS Shield must inspect and filter each one.
| Incoming Requests (n) | Approx. Operations |
|---|---|
| 10 | 10 inspections and possible mitigations |
| 100 | 100 inspections and possible mitigations |
| 1000 | 1000 inspections and possible mitigations |
Pattern observation: The number of operations grows directly with the number of incoming requests.
Time Complexity: O(n)
This means the time to inspect and mitigate grows linearly with the number of incoming requests.
[X] Wrong: "AWS Shield processes all attack traffic instantly, so time does not increase with more requests."
[OK] Correct: Even though AWS Shield is fast, it still needs to inspect each request, so more requests mean more processing time overall.
Understanding how protection scales with traffic helps you design systems that stay safe and responsive under pressure.
"What if AWS Shield used sampling instead of inspecting every request? How would the time complexity change?"
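The linear growth in the table above, as an added example that is not part of the original page and is not AWS Shield's code: a toy fixed-window, per-source rate check that counts its own inspections, with an optional 1-in-k sampling mode for the question above. The traffic, the addresses (documentation ranges), the limit of 20 requests per window and the `sample_every` parameter are all assumptions made for illustration.

```python
from collections import defaultdict

ATTACKER = "203.0.113.7"  # constructed source (documentation address range)

def build_traffic(n):
    """Constructed sample: n requests 1 ms apart, about 6 in 7 from one source."""
    return [(i * 0.001, f"198.51.100.{i % 250}" if i % 7 == 0 else ATTACKER)
            for i in range(n)]

def inspect(requests, limit=20, window=1.0, sample_every=1):
    """Fixed-window per-source rate check that counts its own work.

    sample_every=1 inspects every request, as the page describes;
    sample_every=k inspects one request in k and scales the estimate by k.
    Returns (inspections, flagged_sources).
    """
    seen = defaultdict(int)  # (source, window index) -> estimated request count
    inspections, flagged = 0, set()
    for i, (ts, src) in enumerate(requests):
        if i % sample_every:
            continue                      # skipped: no inspection cost
        inspections += 1                  # one O(1) dictionary update per inspection
        key = (src, int(ts // window))
        seen[key] += sample_every
        if seen[key] > limit:
            flagged.add(src)              # candidate for filtering / rate limiting
    return inspections, flagged

def growth(sizes=(10, 100, 1000), sample_every=1):
    """Inspection count for each input size n in the table."""
    return {n: inspect(build_traffic(n), sample_every=sample_every)[0] for n in sizes}

if __name__ == "__main__":
    print("every request:", growth())
    print("1-in-10 sample:", growth(sample_every=10))
    print("flagged at n=1000:", inspect(build_traffic(1000))[1])
```

With `sample_every=10` the inspection count falls to n/10: a smaller constant factor, but the count still grows linearly with n, and the heavy source is still flagged because each sample is scaled back up.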