Suitable for running untrusted code, AI agents, or any long-running task

AWS has introduced Lambda MicroVMs, built on its Firecracker virtual machine monitor, which can run isolated Linux containers with runtimes of up to eight hours, in contrast to the 15-minute limit on containers in Lambda functions.

MicroVMs form a new core feature of Lambda, the AWS serverless platform. Developers provide a Dockerfile defining a container along with application artifacts, and upload it to Amazon S3. Lambda builds this into a Firecracker snapshot, which can then be run as multiple instances if needed. AWS presents the primary purpose of MicroVMs as providing an isolated environment for running code, such as inspecting potentially malicious packages, scanning for vulnerabilities, or running AI-generated code while guarding against prompt injection and insecure output. They are also suitable for running code as part of a CI/CD process.

Developers have noted that the new feature has plenty of uses beyond code isolation. "This lets you run anything you like and for up to 8 hours all while giving you full shell access to the VM and unopinionated HTTP ingress. All while still getting the benefits of SnapStart and true consumption-based pricing as opposed to wall-time pricing. It's a complement to functions," said one.