AWS Lambda Adds MicroVMs for Running Untrusted Code in Isolation

Lambda MicroVMs give developers per-user Firecracker sandboxes that launch from snapshots, retain state, and suspend when idle - no VM expertise required.

AWS Lambda now offers MicroVMs, a compute primitive designed to run user- or AI-generated code inside isolated, stateful environments without forcing developers to build their own virtualization stack.

Each MicroVM runs in its own Firecracker-backed virtual machine - no shared kernel, no shared resources. Developers package a Dockerfile and code into a zip, upload it to S3, and Lambda builds a snapshot of the fully initialized environment. Every subsequent launch resumes from that snapshot, which means near-instant startup even for large sessions. MicroVMs can stay alive for up to 8 hours, auto-suspend after a configurable idle window, and resume with memory and disk state intact when the next request arrives. Authentication is handled via short-lived tokens attached to standard HTTPS requests, and AWS handles the networking.

The gap Lambda MicroVMs fills is real. VMs offer strong isolation but boot in minutes; containers share a kernel and need hardening to safely run untrusted code; serverless functions are stateless by design. AI coding assistants, interactive notebooks, and vulnerability scanners all need something in between - a per-user environment that's both fast and genuinely isolated. Until now, teams either accepted the tradeoffs or built custom infrastructure, which is expensive and pulls engineers away from the product.

Firecracker, the same open-source hypervisor behind standard Lambda functions, already handles over 15 trillion monthly invocations, so the underlying technology is proven at scale. That said, AWS is careful to position MicroVMs as complementary to Lambda Functions, not a replacement - which is accurate, and also convenient for AWS's billing ambitions. Whether pricing makes this cheaper than running your own Firecracker fleet is the question engineering teams will want to answer before committing.

The Revision

Written by an AI system from the public sources credited above.