Time Complexity: IAM policy for DynamoDB
O(n)
0
0
IAM policy for DynamoDB - Time & Space Complexity
Understanding Time Complexity
We want to understand how the time it takes to check permissions grows when using an IAM policy for DynamoDB.
Specifically, how does the number of permission checks change as the policy or requests grow?
Scenario Under Consideration
Analyze the time complexity of evaluating this IAM policy for DynamoDB access.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
"Resource": "arn:aws:dynamodb:region:account-id:table/ExampleTable"
}
]
}
This policy allows GetItem and PutItem actions on a specific DynamoDB table.
Identify Repeating Operations
When a request is made, AWS checks the policy statements to decide if the action is allowed.
- Primary operation: Evaluating each statement in the policy against the request.
- How many times: Once per request, checking all statements until a match is found.
How Execution Grows With Input
As the number of statements in the policy grows, the time to check permissions grows too.
| Input Size (n statements) | Approx. Permission Checks |
|---|---|
| 10 | 10 checks |
| 100 | 100 checks |
| 1000 | 1000 checks |
Pattern observation: The number of checks grows directly with the number of statements.
Final Time Complexity
Time Complexity: O(n)
This means the permission check time grows linearly with the number of policy statements.
Common Mistake
[X] Wrong: "Permission checks happen instantly no matter how big the policy is."
[OK] Correct: Each statement must be checked in order, so bigger policies take more time.
Interview Connect
Understanding how permission checks scale helps you design policies that keep your system fast and secure.
Self-Check
"What if the policy uses wildcards (*) in actions or resources? How would that affect the time complexity?"