AWS debuts Lambda MicroVMs with up to 8 hours runtime


AWS has introduced Lambda MicroVMs, built on its Firecracker virtual machine monitor, which can run isolated Linux containers with runtimes of up to eight hours, in contrast to the 15-minute limit on containers in Lambda functions.

MicroVMs form a new core feature of Lambda, the AWS serverless platform. Developers provide a Dockerfile defining a container along with application artifacts, and upload it to Amazon S3. Lambda builds this into a Firecracker snapshot, which can then be run with multiple instances if needed. 

AWS presents the primary purpose of MicroVMs as providing an isolated environment for running code, such as inspecting potentially malicious packages, scanning for vulnerabilities, or running AI-generated code while guarding against prompt injection and insecure output. They are also suitable for running code as part of a CI/CD process.

Developers have noted that the new feature has plenty of uses beyond code isolation. "This lets you run anything you like and for up to 8 hours all while giving you full shell access to the VM and unopinionated HTTP ingress. All while still getting the benefits of SnapStart and true consumption-based pricing as opposed to wall-time pricing. It's a complement to functions," said one.

Another obvious use case is for AI agents, though the company already offers AgentCore Runtime, which looks a lot like MicroVMs. Both have a maximum lifetime of eight hours, for example. MicroVMs are more generalized, though, and unlike the AgentCore Runtime, a MicroVM can be suspended and resumed. AWS does provide a skill for its Agent Toolkit that uses MicroVMs, making this a simpler alternative to the AgentCore Runtime. AWS also provides a guide to using MicroVMs for AI agents managed by Anthropic Claude.

Figure: Using AWS Lambda MicroVMs as sandboxes for Anthropic Claude managed agents (source: AWS)

A MicroVM has several possible states, including running, suspended, and terminated. It can automatically scale up to four times the base specification, and automatically suspend when there is no traffic. When it resumes, for example in response to a new network request, its state is preserved.

MicroVM pricing is based on per-second usage of vCPU, RAM (provisioned in a 2:1 GB ratio to vCPU), snapshot storage, and data transfer. When a MicroVM is suspended, the compute charges cease. At the time of writing, it appears that MicroVMs are only available in US East, US West, Tokyo, and Ireland regions, and only Arm-based AWS Graviton instances are supported.

Although a MicroVM is an isolated VM, isolation is only one element of using AI securely, since the code running inside may still need network access to other resources.

The ability to run a container on Lambda for more than 15 minutes has been a common request that MicroVMs now address. The feature provides a serverless, ephemeral environment that is nevertheless suitable for relatively long-running tasks or a full day of coding, with its relatively high compute price mitigated by scaling down to just snapshot storage costs when not in use. ®