Firecracker is, in the words of its own project site, “Secure and fast microVMs for serverless computing.” It is an open-source virtual machine monitor (VMM) that runs lightweight virtual machines, called microVMs, which combine the hardware-backed isolation of a traditional virtual machine with the speed and density usually associated with containers. The project states plainly that “Firecracker is written in Rust,” a language chosen for its memory-safety guarantees.
Amazon Web Services open-sourced Firecracker on November 26, 2018. The AWS announcement described microVMs as lightweight virtual machines that can be launched “in a fraction of a second,” combining “the security and workload isolation provided by traditional VMs and the resource efficiency that comes along with containers.” A microVM could be launched “in as little as 125 ms,” the post noted, with faster times promised in subsequent releases.
The technology was not a research prototype but a production engine. AWS described Firecracker as already “powering multiple high-volume AWS services including AWS Lambda and AWS Fargate,” services that between them run trillions of function executions and tens of millions of containers for AWS customers. By stripping the virtual machine down to a minimal device model, Firecracker reduces both startup time and memory overhead, which is what makes it economical to give every serverless function or task its own hardware-isolated sandbox.
Firecracker sits at the intersection of two models that had long been treated as a tradeoff. Containers were fast and dense but shared the host kernel; virtual machines were strongly isolated but heavy and slow to boot. Firecracker’s microVM model showed that, with a sufficiently minimal VMM, you could have much of both at once.