AWS recently unveiled Firecracker, a new virtualization technology that uses KVM to help user launch lightweight micro-virtual machines in non-virtualized environments. Basically, this lets you take advantage of the workload isolation and security features that come with traditional VMs along with the resource efficiency that you get with containers. Here’s what you should know about this new technology.
About AWS Firecracker
Firecracker comes about four years after AWS Lambda. As Lambda users increasingly began adopting serverless models, it caused the AWS team to think about efficiency and simplification for VMs. Firecracker is the result of that, a minimalist setup that is meant to reduce overhead and enable multi-tenancy. It uses crosvm and Rust programming language to protect against vulnerabilities.
Security features
One of the main aspects of this technology is its ability to keep VMs secure. It utilizes multiple levels of isolation and protection, while also exposing only a minimal surface for potential attacks. More specifically, security features include a simple guest model, process jail, and static linking.
Other features
In addition to security, AWS Firecracker has a host of other features and capabilities that could make it an attractive option. For example, it gives users the ability to launch a microVM in as little as 125 ms, with even faster speeds coming in 2019. This makes it ideal for transient or short-lived workloads. It also has the ability to power high-volume projects; it’s already being used for major AWS services including Lambda and Fargate.
Additionally, Firecracker is an open source project. You can submit requests and collaborate with AWS and other contributors to create the exact solutions you need. It also only consumes about 5MiB of memory per microVM, so you can run thousands of secure VMs on the same instance with low overhead. You can star the repo and join the community now. And the AWS team is ready to review any code you work on.
Featured image: Pexels
