Self-DDoS
Definition
A self-DDoS occurs when a system's own internal components generate enough synchronized traffic to overwhelm its own infrastructure, mimicking the effects of an external distributed denial-of-service attack. Unlike a thundering herd triggered by a single external event (cache miss, reconnection storm), a self-DDoS emerges from structural synchronization in the system's normal operation — many components doing the same thing at the same time by design rather than by accident.
Classic trigger: synchronized schedules
The canonical example is hundreds or thousands of Lambda functions using the same rate(5 minutes) schedule expression. Because AWS aligns rate expressions to the clock, all functions fire at the top of the minute simultaneously. At scale (thousands of accounts × multiple scheduled functions), this creates a burst that overwhelms internal APIs.
"We faced a massive metric spike where our own functions effectively overwhelmed (similar to a DDoS attack) our internal APIs. The root cause was synchronized schedules: every Lambda was using the same
rate(5 minutes) expression, which aligned to the top of the minute across thousands of accounts." (Source: sources/2026-06-29-aws-lessons-learned-from-scaling-to-1-million-lambda-functions)
Rule of thumb
"Never do the same thing at the same time everywhere."
Solutions
- patterns/request-scattering — jitter, randomized batch offsets, staggered execution via a standardized library.
- Per-function random delay within the scheduling window.
- Hash-based scheduling: compute schedule offset from tenant ID.
- Rate-limit internal APIs with graceful backpressure.
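The hash-based scheduling item above, as an added sketch that is not code from the cited source: each function derives a stable offset inside the 5-minute window from its tenant ID and name, and a small simulation compares the per-second peak against clock-aligned firing. The tenant and function names, the SHA-256 choice, and the 2000 × 3 fleet size are assumptions made for illustration; how the offset is applied (a delay before the first internal API call, or a staggered schedule) is left to the platform.

```python
import hashlib
from collections import Counter

WINDOW_SECONDS = 300  # width of the rate(5 minutes) window discussed above


def schedule_offset(tenant_id: str, function_name: str,
                    window: int = WINDOW_SECONDS) -> int:
    """Deterministic offset in [0, window) derived from a stable identity.

    Unlike random jitter, the same function always lands on the same second,
    which keeps per-tenant timing predictable when debugging.
    """
    key = f"{tenant_id}/{function_name}".encode()
    digest = hashlib.sha256(key).digest()
    # 64 bits of the digest; modulo bias is negligible for a 300-slot window.
    return int.from_bytes(digest[:8], "big") % window


def peak_per_second(offsets) -> int:
    """Largest number of invocations that share one second of the window."""
    return max(Counter(offsets).values())


def simulate(tenants: int, functions_per_tenant: int):
    """Return (aligned_peak, scattered_peak) for a constructed fleet."""
    fleet = [(f"tenant-{t:05d}", f"fn-{f}")            # constructed names
             for t in range(tenants)
             for f in range(functions_per_tenant)]
    aligned = [0] * len(fleet)                          # everyone fires at second 0
    scattered = [schedule_offset(t, f) for t, f in fleet]
    return peak_per_second(aligned), peak_per_second(scattered)


if __name__ == "__main__":
    aligned_peak, scattered_peak = simulate(tenants=2000, functions_per_tenant=3)
    print(f"clock-aligned peak : {aligned_peak} invocations in one second")
    print(f"hash-offset peak   : {scattered_peak} invocations in one second")
```
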
Relationship to thundering herd
Self-DDoS is a subset of concepts/thundering-herd where the herd is composed of the system's own components rather than external clients. The distinguishing factor is that the trigger is not an exceptional event (outage, cache flush) but normal operation at scale with insufficient temporal dispersion.
Seen in
- sources/2026-06-29-aws-lessons-learned-from-scaling-to-1-million-lambda-functions — ProGlove's 1M Lambda platform experiencing self-DDoS from clock-aligned schedules.