
Amazon introduces Firecracker: Lightweight Virtualization for Running Multi-Tenant Container Workloads


The Amazon re:Invent 2018 conference saw a surge of new announcements and releases. The five-day event, which commenced in Las Vegas yesterday, has already seen some exciting AWS developments, such as AWS RoboMaker, AWS Transfer for SFTP (a fully managed SFTP service for Amazon S3), EC2 A1 instances powered by Arm-based AWS Graviton processors, an improved AWS Snowball Edge, and much more.

In this article, we will look at their latest release, ‘Firecracker’, a new virtualization technology and open source project for running multi-tenant container workloads.

Firecracker is open sourced under Apache 2.0 and enables service owners to operate secure multi-tenant container-based services. It combines the speed, resource efficiency, and performance enabled by containers with the security and isolation offered by traditional VMs. Firecracker implements a virtual machine monitor (VMM) based on Linux’s Kernel-based Virtual Machine (KVM). Users can create and manage microVMs with any combination of vCPU and memory through a RESTful API. It offers a faster startup time, a reduced memory footprint for each microVM, and a trusted sandboxed environment for each container.

Features of Firecracker

  • Firecracker is built for security, using multiple levels of isolation and protection.
  • The security model includes a very simple virtualized device model to minimize the attack surface, along with process jail and static linking functionality.
  • It delivers high performance, allowing users to launch a microVM in as little as 125 ms.
  • It has a low overhead and consumes about 5 MiB of memory per microVM. This means a user can run thousands of secure VMs with widely varying vCPU and memory configurations on the same instance.
  • Firecracker is written in Rust, which guarantees thread safety and prevents many types of buffer overrun errors that can lead to security vulnerabilities.

The AWS community has shown a positive response towards this release.

AWS Lambda uses Firecracker for provisioning and running secure sandboxes to execute customer functions. These sandboxes can be quickly provisioned with a minimal footprint, enabling performance along with security. AWS Fargate Tasks also execute on Firecracker microVMs, which allows the Fargate runtime layer to run faster and more efficiently on EC2 bare metal instances.

To learn more, head over to the Firecracker page. You can also read more at Jeff Barr’s blog and the Open Source blog.


Melisha Dsouza
