Firecracker MicroVM Platform

Firecracker is an open-source virtualization technology enabling secure, multi-tenant container and function-based services with minimal overhead. Developed by AWS (Amazon Web Services) and released as open source in 2018, Firecracker powers AWS Lambda and AWS Fargate, processing trillions of requests per month. Key features: microVM architecture providing the security and isolation of traditional VMs with the speed and resource efficiency of containers. Written entirely in Rust to minimize attack surface and eliminate memory safety vulnerabilities (buffer overflows, use-after-free). KVM-based virtualization leveraging Linux KVM for hardware-accelerated CPU and I/O. Minimal device model: only 4 emulated devices (virtio-net, virtio-block, serial console, one-button keyboard) compared to QEMU's hundreds, reducing attack surface and boot time. Fast boot: cold boot in as little as 125ms, enabling true scale-to-zero. Low memory overhead: as little as 5MB per microVM, enabling thousands per host. Rate limiting: built-in token bucket rate limiter for network bandwidth and I/O operations (ops/sec and bytes/sec). Snapshot support: create and restore microVM snapshots for fast cloning and pre-warming, enabling sub-millisecond restore. RESTful Unix socket API for lifecycle management (create, configure, start, pause, resume). Seccomp filters, chroot, and resource limits for defense in depth. Each microVM runs in its own KVM sandbox with no shared kernel. Multi-tenant isolation prevents noisy neighbor and side-channel attacks. Used by AWS Lambda, AWS Fargate, Fly.io, and Cloudflare Workers.