You might think AWS Lambda functions are running on some container engine like Docker, but that's not the case! Containers share the host kernel, so container technologies alone don't provide the level of isolation required, and if there's a vulnerability in the container runtime, your entire container environment could be compromised. Instead, AWS Lambda takes a different approach.
Your code is first packaged into a lightweight container, which is then placed inside a microVM powered by Firecracker, an open-source project. Firecracker is written in Rust, a language known for its memory safety and performance. This, along with a streamlined kernel loading process, enables a startup time under 125 ms and a memory footprint under 5 MiB, making it incredibly efficient.
Firecracker enables the deployment of workloads in lightweight virtual machines, called microVMs, which provide enhanced security and workload isolation over traditional VMs, while maintaining the speed and resource efficiency of containers.
Firecracker was developed at Amazon Web Services to improve the customer experience of services like AWS Lambda and AWS Fargate. This approach offers great efficiency and automatic scaling while maintaining a high level of isolation between functions.
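To make "lightweight" concrete, the script below (an added example, not code from the original post or from AWS Lambda) defines and starts one microVM through Firecracker's REST API on its Unix socket: a guest kernel, one root drive, and a vCPU/memory size are the whole machine definition. The socket path, the kernel and rootfs images passed as arguments, and the 1 vCPU / 128 MiB sizing are assumptions, and a `firecracker --api-sock` process is assumed to be listening already.

```shell
#!/bin/sh
# Added example: boot one Firecracker microVM through its API socket.
# Assumes `firecracker --api-sock "$API_SOCK"` is already running on a KVM host.
API_SOCK="${API_SOCK:-/tmp/firecracker.socket}"   # assumed socket path

# JSON bodies for the three resources a microVM needs before it can start.
boot_source_json() {    # $1 = guest kernel image, $2 = kernel command line
  printf '{"kernel_image_path":"%s","boot_args":"%s"}' "$1" "$2"
}
rootfs_json() {         # $1 = root filesystem image, attached read-only
  # The guest image must be able to run from a read-only root.
  printf '{"drive_id":"rootfs","path_on_host":"%s","is_root_device":true,"is_read_only":true}' "$1"
}
machine_config_json() { # $1 = vCPU count, $2 = guest memory in MiB
  printf '{"vcpu_count":%d,"mem_size_mib":%d}' "$1" "$2"
}

# PUT one JSON body to an API path; --fail makes a rejected request stop the boot.
fc_put() {
  curl --silent --show-error --fail --unix-socket "$API_SOCK" \
       -X PUT "http://localhost/$1" \
       -H 'Content-Type: application/json' -d "$2"
}

boot_microvm() {        # $1 = kernel image, $2 = rootfs image
  fc_put boot-source    "$(boot_source_json "$1" 'console=ttyS0 reboot=k panic=1 pci=off')" &&
  fc_put drives/rootfs  "$(rootfs_json "$2")" &&
  fc_put machine-config "$(machine_config_json 1 128)" &&
  fc_put actions        '{"action_type":"InstanceStart"}'
}

# Usage: sh boot-microvm.sh <vmlinux> <rootfs.ext4>
if [ "$#" -eq 2 ]; then
  boot_microvm "$1" "$2"
fi
```

Each function in a design like the one described above would get its own microVM, so the guest kernel and the KVM boundary sit between tenants rather than a shared host kernel.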