
AWS Firecracker: A Micro-VM for Serverless Deployments

Nov 27th, 2018 11:54am by

Sensing the need to bring virtualization-based security rigor and multitenancy to serverless workloads, Amazon Web Services has released as open source a “micro-VM” ideally suited for serverless environments.

Many serverless workloads are event-driven and often short-lived, and existing virtualization technologies don’t fit easily into this workflow. “We needed something that could give us the hardware virtualization-based security boundaries of virtual machines while maintaining the smaller package size and agility of containers and functions,” wrote AWS’ Technical Evangelist Arun Gupta and AWS serverless product manager Linda Lian, in a blog post announcing the release.

The company announced the project at its AWS re:Invent user conference, being held this week in Las Vegas.

Built on the Linux Kernel-based Virtual Machine (KVM) and written in Rust, Firecracker provides a way to create micro virtual machines (microVMs) in traditionally non-virtualized environments. The microVMs are created in less than a second and offer the security and workload isolation of traditional VMs as well as the resource efficiency of containers, explained AWS Chief Evangelist Jeff Barr in a post describing the technology in further detail. Firecracker offers a simple guest model, static linking, and a process jail with access to a small, tightly controlled list of system calls.

Firecracker currently runs on Intel processors, with support for AMD and ARM chips coming in 2019. It can easily run on bare-metal services, including AWS’ own .metal instances. In his post, Barr offers a walk-through of how to run Firecracker on an i3.metal instance. AWS itself uses Firecracker to run containerized workloads for customers of its Fargate service.

AWS has also introduced a prototype, based on containerd, that will allow the micro-VMs to be managed in container services such as the Docker runtime or Kubernetes.

Firecracker is licensed under Apache 2.0.

TNS owner Insight Partners is an investor in: Docker, Hightower.