Botnets tests their capabilities all the time. This could have been a command and control test, a test to see what they could muster, or a demonstration.
When testing they seldom run for a long time.
Cloudflare's mitigation would've dropped in on the metals and still been visible to Cloudflare's monitoring... so the attackers stopped after a minute.
So those nice graphs on Cloudflare's blog are exactly the information the attackers wanted? If that's the case, by publishing such detailed post-morterms, Cloudflare is just inviting future test attacks.
I used to run the servers for a popular website. It was common to get DDoSed targeting our servers (or more frequently, just a single one out of the group) for exactly 90 seconds (plus or minus a few systems that had poor ntp synchronization). Whether or not that took my servers down, the attack would stop.
To my knowledge, we never got any communication from the people behind the attack, seemed like people just kicking the tires on DDoS as a service. Ocassionally, we'd get a longer interval, sometimes 60 minutes.
When testing they seldom run for a long time.
Cloudflare's mitigation would've dropped in on the metals and still been visible to Cloudflare's monitoring... so the attackers stopped after a minute.