AWS Lambda MicroVMs Deliver Firecracker-Based VM Isolation
TL;DR
- AWS Lambda MicroVMs provide VM-level isolation for user-supplied or AI-generated code, built on Firecracker virtualization technology.
- Each MicroVM includes a dedicated HTTPS URL supporting HTTP/2, gRPC, and WebSockets, with suspend-and-resume capability for up to 8 hours.
- The service launched June 22 in five regions and charges based on baseline compute while the MicroVM runs, with overage for workloads exceeding that baseline.
Running AI-generated or user-supplied code in shared infrastructure has always required either accepting container-level isolation or spinning up full VMs, each with significant tradeoffs in security or operational cost. AWS announced Lambda MicroVMs on June 22 as a serverless option that aims to close that gap: VM-level isolation with near-instant launch speeds, targeting coding assistants, interactive development environments, and vulnerability scanning platforms that need per-user or per-job security boundaries.
The foundation is Firecracker, the same virtualization layer that AWS says powers more than 15 trillion monthly Lambda function invocations. Each MicroVM gets a dedicated HTTPS URL with support for HTTP/2, gRPC, and WebSockets, and can suspend and resume execution for up to 8 hours, a window sized for interactive sessions rather than long-running batch workloads. Images are built from Dockerfiles, keeping the developer workflow familiar, and MicroVMs can be launched through the Lambda console, CloudFormation, the Cloud Development Kit, or the Agent Toolkit for AWS.
Pricing is based on baseline compute while the MicroVM runs, with additional resource charges when workloads exceed that baseline. The announcement does not give specific figures, so the practical cost of an idle interactive session waiting for user input versus a short, compute-dense job will need to be measured against your actual usage patterns before committing.
The service is available in five regions at launch: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Tokyo), and Europe (Ireland). What the announcement does not give you is specific cold-start latency numbers, memory and CPU configuration options, or image size limits, all of which matter for the latency-sensitive use cases, such as live coding assistants, that AWS is explicitly targeting.
For teams building multi-tenant platforms that execute code from different users or from AI models, the appeal is straightforward: true VM boundaries without the operational overhead of managing a fleet of EC2 instances. Whether the 'near-instant' launch claim holds up under real-world load is the key question that only early adopters will be able to answer.
Originally reported by aws.amazon.com
Original headline: AWS Launches Lambda MicroVMs for Isolated AI and User Code Execution — VM-Level Sandboxing on Firecracker With Eight-Hour Suspend-Resume Support