FireCracker internals: a deep dive inside the technology powering AWS Lambda

Submitted by Style Pass, 2021-07-18 13:00:07

You are most likely familiar with AWS Lambda and Fargate, Amazon’s serverless computing engines. By its nature, serverless computing poses quite a challenging task, requiring both tight security and great performance. For exactly that purpose, Amazon came up with its microVM solution called FireCracker.

“MicroVM” is merely a fancy name for a minimal, lightweight virtual machine. MicroVMs are spawned by lightweight Virtual Machine Monitors (VMMs) that have been stripped of redundant and nice-to-have features. Much like good old-fashioned VMs, they provide hardware-level virtualization for isolation and security.

FireCracker is a VMM that uses the Linux Kernel-based Virtual Machine (KVM). It was created by Amazon to meet its container workload needs. It is open source, written in (the incredibly awesome) Rust, and has been used in production since 2018.

Up until recently, Lambda ran on top of regular Linux containers isolated inside separate virtual machines. Each container served a different Lambda function, while each VM served a different tenant. Although highly effective in terms of security, this setup meant limited performance, and it proved hard to pack variable-size workloads onto fixed-size VMs.
