AWS redefined serverless computing once more with the June 22, 2026 launch of Lambda MicroVMs—a groundbreaking compute primitive that sits between traditional AWS Lambda functions and fully managed Elastic Compute Cloud (EC2) instances. This innovation introduces isolated, stateful environments with up to eight-hour lifespans, addressing a critical gap in AWS’s serverless ecosystem.
For developers accustomed to Lambda’s constraints—15-minute execution windows and stateless operations—MicroVMs represent a paradigm shift. Each MicroVM runs within an isolated Firecracker virtual machine, equipped with its own HTTPS endpoint and pre-built snapshots for immediate resumption. During testing, I deployed a minimal Python HTTP server, packaged in a Docker container, to evaluate performance, statefulness, and operational overhead. The results challenge conventional serverless assumptions.
How Lambda MicroVMs Operate: A Three-Step Process
The workflow begins with packaging your application—a Python HTTP server in this case—into a Docker container. The Dockerfile leverages the public.ecr.aws/lambda/microvms:al2023-minimal base image, installs Python dependencies, and exposes port 8080. Once the container is ready, it’s uploaded to an S3 bucket as a .zip artifact.
The next phase involves snapshot creation. AWS’s lambda-microvms create-microvm-image command compiles the container, executes the application, and captures a Firecracker snapshot of the runtime state. This process took approximately three minutes in my test environment. The final step uses lambda-microvms run-microvm to launch the MicroVM from the snapshot, resuming execution from the exact state it was suspended in.
aws lambda-microvms create-microvm-image \
--name hello-microvm-test \
--code-artifact "uri=s3://my-bucket/artifact.zip" \
--base-image-arn arn:aws:lambda:us-east-1:aws:microvm-image:al2023-1 \
--build-role-arn arn:aws:iam::123456789:role/MicroVMBuildRole

aws lambda-microvms run-microvm \
--image-identifier arn:aws:lambda:us-east-1:123456789:microvm-image:hello-microvm-test \
--execution-role-arn arn:aws:iam::123456789:role/MicroVMExecutionRole \
--idle-policy '{"maxIdleDurationSeconds":300,"suspendedDurationSeconds":60,"autoResumeEnabled":true}'
Performance Benchmarks: Near-Instant Resume and Sub-Second Latency
The real-world performance of Lambda MicroVMs defies expectations for serverless environments. In my tests, the MicroVM achieved a RUNNING state within 12 seconds of the API call, with the first request completing in 911ms. Warm requests averaged 340ms, including round-trip network latency from Hamburg to AWS’s us-east-1 region. Suspending and resuming a MicroVM took just 1.86 seconds—a critical advantage for workloads with intermittent idle periods.
- Image build time: ~3 minutes
- Launch API latency: 1.17 seconds
- Time to `RUNNING` state: 12 seconds
- First request latency: 911ms
- Warm request latency: 340ms
- Suspend-to-resume time: 1.86 seconds
Stateful Computing: Memory and Disk Persistence Across Sessions
The most compelling feature of Lambda MicroVMs is its statefulness. Unlike traditional Lambda functions, which reset on each invocation, MicroVMs retain memory and disk state across suspend and resume cycles. This was demonstrated by tracking request counts and uptime across multiple sessions. After suspending the MicroVM, the same PID and cumulative metrics persisted upon resumption, proving full state retention.
{
"requests_served": 5,
"uptime_seconds": 454.1,
"pid": 1
}
For applications like AI agent sandboxes, browser-based IDEs, or CI/CD runners, this eliminates the need for external state management solutions. Each MicroVM operates as a self-contained environment, reducing architectural complexity.
Security and Authentication: Isolated, Scoped Access
Security is paramount in serverless environments, and Lambda MicroVMs implements a robust authentication model. Requests must include a JSON Web Encryption (JWE) token, generated via the create-microvm-auth-token command and scoped to specific ports. This token, included in the X-aws-proxy-auth header, ensures that only authorized users can interact with a given MicroVM.
aws lambda-microvms create-microvm-auth-token \
--microvm-id microvm-489fbc1b \
--expiration-in-minutes 15 \
--allowed-ports '[{"port":8080}]'
The tokens are short-lived (15 minutes by default), minimizing exposure risk. This model prevents unauthorized access while maintaining the serverless operational simplicity.
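A least-privilege wrapper around the token command above, as an added example that is not AWS's or the author's code: it rejects lifetimes above 15 minutes and ports the service does not expose before building the argument list. `EXPOSED_PORTS`, `MAX_TTL_MINUTES`, the ID pattern and the function name are assumptions; the CLI flags are the ones shown on this page.

```python
import json
import re

# Assumed local policy, not AWS limits: the only port the container exposes
# and the longest token lifetime we are willing to mint.
EXPOSED_PORTS = frozenset({8080})
MAX_TTL_MINUTES = 15
# Assumed ID shape, modelled on the "microvm-489fbc1b" sample on this page.
MICROVM_ID_RE = re.compile(r"microvm-[0-9a-f]{8}")


def build_token_command(microvm_id, ports, ttl_minutes=MAX_TTL_MINUTES):
    """Return an argv list for create-microvm-auth-token, or raise ValueError."""
    if not MICROVM_ID_RE.fullmatch(microvm_id):
        # Also blocks values that start with "-" and would parse as a flag.
        raise ValueError(f"unexpected MicroVM id: {microvm_id!r}")
    if isinstance(ttl_minutes, bool) or not isinstance(ttl_minutes, int):
        raise ValueError("ttl_minutes must be an integer")
    if not 1 <= ttl_minutes <= MAX_TTL_MINUTES:
        raise ValueError(f"ttl_minutes must be 1..{MAX_TTL_MINUTES}")
    requested = set(ports)
    if not requested:
        raise ValueError("at least one port is required")
    extra = requested - EXPOSED_PORTS
    if extra:
        raise ValueError(f"ports not exposed by this MicroVM: {sorted(extra)}")
    allowed = json.dumps([{"port": p} for p in sorted(requested)],
                         separators=(",", ":"))
    # A list, not a shell string, so subprocess.run(argv) never re-parses values.
    return [
        "aws", "lambda-microvms", "create-microvm-auth-token",
        "--microvm-id", microvm_id,
        "--expiration-in-minutes", str(ttl_minutes),
        "--allowed-ports", allowed,
    ]


if __name__ == "__main__":
    print(build_token_command("microvm-489fbc1b", [8080]))
```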
Replacing Legacy Patterns: Where MicroVMs Fit Best
Before Lambda MicroVMs, developers faced trade-offs when deploying untrusted or interactive workloads. Traditional approaches included:
- Custom-hardened containers: Shared kernel risks and significant engineering effort to mitigate vulnerabilities.
- Per-user EC2 instances: Slow startup times (minutes), high costs, and full operational overhead.
- Lambda Functions: Stateless and limited to 15-minute executions, unsuitable for long-running processes.
Lambda MicroVMs consolidates these needs into a single solution. With VM-level isolation, automatic snapshot management, and serverless cost efficiency, it eliminates the need for capacity planning, kernel patching, or manual scaling. Suspended MicroVMs incur storage costs only, while resume operations are near-instantaneous.
Technical Specifications and Regional Availability
Lambda MicroVMs ships with a robust set of specifications tailored for diverse workloads:
- Compute resources: 0.5–8GB RAM (baseline), burstable to 32GB. 0.25–4 vCPU (baseline), burstable to 16 vCPUs.
- Storage: Up to 32GB disk capacity per MicroVM.
- Runtime limits: Maximum 8-hour lifespan per instance.
- Architecture: ARM64-only support (x86 workloads require recompilation or emulation).
- Supported protocols: HTTP/1.1, HTTP/2, gRPC, WebSocket, and Server-Sent Events (SSE).
- Regional availability: Initial launch covers us-east-1, us-east-2, us-west-2, eu-west-1, and ap-northeast-1.
Pricing: Pay Only for What You Use
AWS’s pricing model for MicroVMs reflects its serverless philosophy, charging across three dimensions:
- Compute usage: Billed per-second based on baseline and burst resources consumed.
- Snapshot operations: Fees for read/write operations during launch or suspend phases.
- Storage and data transfer: Costs for snapshot storage and inter-region data movement.
Critically, suspended MicroVMs accrue only storage charges, eliminating compute costs during idle periods. This aligns with AWS’s serverless cost optimization goals while providing granular control over expenditures.
Ideal Use Cases for Lambda MicroVMs
The versatility of Lambda MicroVMs makes it a compelling choice for several emerging and established scenarios:
- AI agent sandboxes: Safely execute untrusted or generated code with full isolation.
- Browser-based IDEs: Provide each user with a persistent, isolated development environment.
- CI/CD runners: Eliminate shared state and security risks in ephemeral job environments.
- Jupyter notebooks and analytics: Maintain state across sessions without external databases.
- Vulnerability scanning: Deploy disposable, isolated scans without provisioning full VMs.
Considerations and Future Observations
While Lambda MicroVMs marks a significant advancement, several constraints and open questions remain:
- ARM64-only support: Limits compatibility with x86-native applications unless recompiled.
- Regional limitations: Five regions at launch may exclude users in other geographies.
- Snapshot-friendly design: Applications must avoid stale connections or clock-sensitive initialization logic to leverage state persistence fully.
- Pricing transparency: AWS has not yet published detailed pricing beyond the general framework.
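The snapshot-friendly design point above, as an added example that is not from AWS or the author's test app: because the image snapshot captures the running application, a connection opened during initialization is frozen into every MicroVM launched from it, so the holder below revalidates at use time. The class, the `connect`/`is_alive` hooks, the 60-second age limit and the simulated clock are assumptions, and the scenario is constructed.

```python
import time


class ResumeSafeConnection:
    """Connection holder that never trusts a handle captured in a snapshot.

    connect() opens a connection; is_alive(conn) is a cheap liveness probe.
    Both are supplied by the caller (hypothetical hooks for this example).
    """

    def __init__(self, connect, is_alive, max_age_seconds=60.0, clock=time.time):
        self._connect, self._is_alive = connect, is_alive
        self._max_age, self._clock = max_age_seconds, clock
        self._conn, self._opened_at = None, 0.0
        self.reconnects = 0

    def get(self):
        now = self._clock()  # read at use time, never cached from init
        age = now - self._opened_at
        stale = (
            self._conn is None
            or age > self._max_age  # older than the peer is assumed to keep it
            or age < 0              # wall clock stepped backwards
            or not self._is_alive(self._conn)
        )
        if stale:
            self._conn = self._connect()
            self._opened_at = now
            self.reconnects += 1
        return self._conn


def simulate_snapshot_resume():
    """Constructed scenario: connect at init, snapshot, resume one hour later."""
    wall = {"now": 1_000.0}
    live = set()  # connection ids the fake peer still honours
    counter = iter(range(1, 100))

    def connect():
        cid = next(counter)
        live.add(cid)
        return cid

    holder = ResumeSafeConnection(connect, lambda c: c in live,
                                  max_age_seconds=60.0, clock=lambda: wall["now"])
    first = holder.get()   # opened during init, frozen into the snapshot
    wall["now"] += 5
    same = holder.get()    # still fresh: reused
    live.clear()           # peer dropped it while the VM was suspended
    wall["now"] += 3_600   # wall clock after resume (assumed corrected)
    after = holder.get()   # detected as stale: reopened
    return first, same, after, holder.reconnects
```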
For developers eager to experiment, AWS provides a streamlined CLI interface. The lambda-microvms command namespace, available in AWS CLI v2.35.10+, offers intuitive controls for image management and MicroVM lifecycle operations. Documentation emphasizes the use of the al2023-1 base image, a minimal Amazon Linux 2023 variant, as the foundation for custom environments.
As AWS continues refining this service, Lambda MicroVMs could redefine serverless computing by bridging the gap between stateless functions and resource-intensive VMs. Early adopters stand to gain unparalleled flexibility, security, and cost efficiency in their architectures.