Introducing Firecracker, a New Virtualization Technology and Open Source Project for Running Multi-Tenant Container Workloads

Posted on: Nov 26, 2018

Today, Amazon Web Services (AWS) is announcing Firecracker, a new virtualization and open source technology that enables service owners to operate secure multi-tenant container-based services by combining the speed, resource efficiency, and performance enabled by containers with the security and isolation offered by traditional VMs. Firecracker implements a virtual machine manager (VMM) based on Linux's Kernel-based Virtual Machine (KVM), and provides a RESTful API to create and manage microVMs with any combination of vCPU and memory to match application requirements. Firecracker is built with minimal device emulation, which enables faster startup time, provides a reduced memory footprint for each microVM, and offers a trusted sandboxed environment for each container.

AWS Lambda uses Firecracker for provisioning and running secure sandboxes to execute customer functions. These secure sandboxes can be rapidly provisioned with a minimal footprint, enabling performance without sacrificing security. AWS Fargate Tasks also execute on Firecracker microVMs, allowing the Fargate runtime layer to run faster and more efficiently on EC2 bare metal instances, without compromising kernel-level isolation of Tasks.

Customers can run Firecracker on AWS .metal instances as well as on any other bare-metal servers, including on-premises environments and developer laptops. Firecracker runs on Intel processors today, with support for AMD and ARM coming in 2019.

Firecracker is open sourced under Apache 2.0. To learn more, see the Firecracker page. You can also read more at Jeff Barr's blog and the Open Source blog.

To get started, visit the GitHub repo.