Code Execution Sandbox on AWS Lambda MicroVMs

AWS Lambda MicroVMs

Deploy an AWS Lambda MicroVM that executes Python code in an isolated VM with snapshot-based rapid startup.

This pattern deploys a Lambda MicroVM running a sandboxed code execution service. Clients submit Python code via HTTP POST, and the Lambda MicroVM executes it in an isolated subprocess, returning stdout, stderr, and exit code.

The Lambda MicroVM image is built from a Dockerfile that Lambda executes server-side. During the build, the application starts and signals readiness via the /ready lifecycle hook. Lambda then takes a snapshot, enabling rapid cold starts for all future launches.

The Lambda MicroVM supports suspend/resume. It automatically suspends after idle timeout and resumes rapidly when new traffic arrives. Each Lambda MicroVM runs in its own isolated VM with hardware-level isolation.

< Back to all patterns

Language:: Python
Framework:: AWS CLI

Download this pattern (.zip)

View this pattern on GitHub

Clone repo

git clone https://github.com/aws-samples/serverless-patterns/cd serverless-patterns/lambda-microvms-code-execution-sandbox

Deploy

bash deploy.sh

Testing

See the GitHub repo for detailed testing instructions.

Cleanup

bash cleanup.sh

Additional resources

AWS Lambda MicroVMs Documentation

Firecracker - Secure and fast microVMs for serverless computing

Created by:

Alexander Vladimirov

Senior Serverless Solutions Architect at AWS, specializing in Agentic AI Workloads.

Follow on LinkedIn