Build a serverless computing platform that runs functions from multiple users securely on shared hardware.
Create a container-as-a-service product with strong isolation and fast startup times.
Run untrusted code snippets in isolated environments with minimal memory overhead per instance.
Requires a Linux kernel with KVM support, the Rust toolchain, and deep systems knowledge to build and test from source.
Firecracker is an open-source virtualization technology built by Amazon Web Services and used at the heart of services like AWS Lambda and AWS Fargate. It solves a specific problem in cloud computing: how do you run thousands of small, untrusted code snippets (like serverless functions) securely, cheaply, and with near-instant startup times?

Traditional virtual machines (VMs) are very secure, since each one runs in full hardware isolation, but they are slow to start and consume a lot of memory. Containers start quickly but share the same operating system kernel, which creates security risks when running code from many different customers on the same machine. Firecracker sits in between: it creates what it calls "microVMs," which are lightweight virtual machines that boot in under 125 milliseconds and use only about 5 MB of memory overhead each, while still providing the strong isolation of hardware virtualization.

Firecracker achieves this minimalism by stripping the virtual machine down to only what is absolutely necessary: a virtual CPU, memory, a network interface, and a disk. There are no USB controllers, no BIOS, no unnecessary emulated hardware. The fewer moving parts, the smaller the attack surface and the faster the boot. It uses Linux's built-in KVM (Kernel-based Virtual Machine) subsystem under the hood, so it relies on battle-tested infrastructure rather than reinventing virtualization from scratch.

Once running, each Firecracker microVM is controlled via a REST API, letting orchestration systems spin up, configure, and tear down instances programmatically.

You would use Firecracker if you are building a serverless platform, a container-as-a-service product, or any system where you need to run untrusted code from multiple users on shared hardware at high density. It is written in Rust for memory safety and runs on Linux with KVM support.
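The REST API control described above, as an added example that is not code from the Firecracker project: an orchestrator-side client that configures only the minimal devices (vCPU and memory, boot source, one disk, one network interface) and then starts the guest. It assumes the API is reached over a Unix domain socket and uses endpoint paths and JSON fields from Firecracker's API that do not appear in the text above, so check them against the API specification of the release you run; the kernel, root filesystem, TAP device and socket paths are supplied by the caller.

```python
import http.client
import json
import socket


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over a Unix domain socket, where Firecracker serves its API."""

    def __init__(self, sock_path, timeout=5.0):
        super().__init__("localhost", timeout=timeout)
        self._sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self._sock_path)


def build_plan(kernel, rootfs, tap, vcpus=1, mem_mib=128):
    """Ordered (path, body) PUT requests for one minimal microVM."""
    if vcpus < 1 or mem_mib < 1:
        raise ValueError("need at least one vCPU and some memory")
    return [
        ("/machine-config", {"vcpu_count": vcpus, "mem_size_mib": mem_mib}),
        ("/boot-source", {"kernel_image_path": kernel,
                          "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"}),
        # Policy choice of this example: the root image is attached read-only.
        ("/drives/rootfs", {"drive_id": "rootfs", "path_on_host": rootfs,
                            "is_root_device": True, "is_read_only": True}),
        ("/network-interfaces/eth0", {"iface_id": "eth0", "host_dev_name": tap}),
        # Start last: every device is configured before the guest boots.
        ("/actions", {"action_type": "InstanceStart"}),
    ]


def apply_plan(sock_path, plan):
    """Send the plan in order; raise on the first non-2xx response."""
    conn = UnixHTTPConnection(sock_path)
    try:
        for path, body in plan:
            conn.request("PUT", path, body=json.dumps(body),
                         headers={"Content-Type": "application/json"})
            resp = conn.getresponse()
            detail = resp.read().decode(errors="replace")
            if not 200 <= resp.status < 300:
                raise RuntimeError(f"PUT {path} -> {resp.status}: {detail}")
    finally:
        conn.close()
```

Because the API socket gives full control over the microVM, the orchestrator should be the only principal with filesystem permission to open it.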
Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.