<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Architecture | The AWS Blog</title><link>https://theawsblog.com/tags/architecture/</link><description>Articles, tutorials and insights from the AWS community.</description><generator>Hugo</generator><language>en</language><managingEditor>@theawsblog (The AWS Blog)</managingEditor><webMaster>@theawsblog</webMaster><lastBuildDate>Mon, 22 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://theawsblog.com/tags/architecture/index.xml" rel="self" type="application/rss+xml"/><item><title>Lambda MicroVMs make isolated sandboxes a serverless design choice</title><link>https://theawsblog.com/news/emiliano-montesdeoca/lambda-microvms-isolated-sandboxes/</link><pubDate>Mon, 22 Jun 2026 00:00:00 +0000</pubDate><author>Emiliano Montesdeoca</author><guid>https://theawsblog.com/news/emiliano-montesdeoca/lambda-microvms-isolated-sandboxes/</guid><description>AWS Lambda MicroVMs give builders a new option for running user-generated and AI-generated code with VM-level isolation, fast resume, and controlled lifecycle state.</description><content:encoded>&lt;p&gt;AWS Lambda MicroVMs are interesting because they do not try to replace normal Lambda functions. They fill a different gap: workloads where the unit of isolation is not an event, but a user session, coding environment, agent run, scanner job, or other stateful sandbox.&lt;/p&gt;
&lt;p&gt;The &lt;a href="https://aws.amazon.com/blogs/aws/run-isolated-sandboxes-with-full-lifecycle-control-aws-lambda-introduces-microvms/"&gt;AWS announcement&lt;/a&gt; frames this around isolated sandboxes with full lifecycle control. That is the right framing. The practical value is not only that Firecracker provides VM-level isolation. It is that AWS is exposing a managed way to create, pause, resume, and retire those environments without asking every product team to become a virtualization platform team.&lt;/p&gt;
&lt;h2 id="what-changed"&gt;What changed&lt;/h2&gt;
&lt;p&gt;Lambda MicroVMs add a serverless compute primitive inside the Lambda family for running code in isolated, stateful execution environments. The source article describes several important properties:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;each session can run in its own Firecracker-backed MicroVM,&lt;/li&gt;
&lt;li&gt;environments can launch and resume from pre-initialized snapshots,&lt;/li&gt;
&lt;li&gt;memory, disk, and running process state can survive during the session,&lt;/li&gt;
&lt;li&gt;idle environments can be suspended by policy,&lt;/li&gt;
&lt;li&gt;applications get a dedicated endpoint and short-lived request authentication.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;That combination matters for applications that cannot fit cleanly into stateless request-response functions. A code interpreter, browser automation sandbox, vulnerability scanner, AI coding assistant, data notebook, or game scripting environment often needs process state and filesystem state between interactions.&lt;/p&gt;
&lt;h2 id="why-builders-should-care"&gt;Why builders should care&lt;/h2&gt;
&lt;p&gt;The old decision tree was uncomfortable. Virtual machines gave strong isolation but slow startup and more operations. Containers started quickly but shared a kernel, which raises the bar for safely running untrusted code. Lambda functions were operationally simple but not designed for long-running interactive state.&lt;/p&gt;
&lt;p&gt;Lambda MicroVMs create a new middle path. For builders, the design conversation becomes more precise:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Use Lambda functions for event handlers and short stateless tasks.&lt;/li&gt;
&lt;li&gt;Use containers when you need packaging flexibility and can manage isolation risk.&lt;/li&gt;
&lt;li&gt;Use Lambda MicroVMs when each tenant, user, or agent run needs a dedicated stateful sandbox.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This is especially relevant for AI systems. As more applications let agents write code, execute tools, inspect repositories, or process customer files, isolation becomes part of the product boundary. A prompt injection bug should not become a cross-tenant file access bug.&lt;/p&gt;
&lt;h2 id="the-trade-offs-are-still-real"&gt;The trade-offs are still real&lt;/h2&gt;
&lt;p&gt;MicroVMs reduce a lot of infrastructure work, but they do not remove architecture responsibility.&lt;/p&gt;
&lt;p&gt;First, lifecycle policy becomes a cost control. If idle sessions stay warm too long, the bill can drift. If they suspend too aggressively, users feel resume latency. Teams should treat idle duration as a product setting, not a default copied from a sample.&lt;/p&gt;
&lt;p&gt;Second, snapshot-based startup changes how applications initialize. Code that generates unique state, opens long-lived external connections, or assumes initialization happens once per user action needs careful review.&lt;/p&gt;
&lt;p&gt;Third, stateful sandboxes need cleanup rules. Temporary files, credentials, downloaded packages, generated artifacts, and logs can accumulate. Builders should define what survives during a session, what is exported, and what is destroyed.&lt;/p&gt;
&lt;p&gt;Finally, security does not stop at VM boundaries. The execution role, outbound network policy, source artifact pipeline, token handling, and tenant mapping are still part of the isolation story.&lt;/p&gt;
&lt;h2 id="what-to-do-next"&gt;What to do next&lt;/h2&gt;
&lt;p&gt;I would start with workloads where the current workaround is obviously expensive: per-user EC2 sandboxes, over-hardened container runners, or Lambda workflows full of awkward &lt;code&gt;/tmp&lt;/code&gt; and rehydration logic.&lt;/p&gt;
&lt;p&gt;For a proof of concept, validate four things before celebrating:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Cold launch and resume behavior&lt;/strong&gt; with your real image size and dependencies.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Idle cost profile&lt;/strong&gt; for normal user behavior, not a synthetic benchmark.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Tenant boundary tests&lt;/strong&gt; for filesystem, process, network, and IAM access.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Failure cleanup&lt;/strong&gt; when a session crashes, times out, or is abandoned.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Lambda MicroVMs are not just another Lambda feature. They are AWS acknowledging that the next wave of serverless workloads includes interactive, stateful, sometimes untrusted execution. That is a useful primitive, as long as teams treat it as an isolation architecture rather than a shortcut around security design.&lt;/p&gt;</content:encoded></item></channel></rss>