Does AWS Lambda run every invocation in a separate Firecracker VM?

I know about cold starts and warm starts in AWS Lambda.

However, I'm not sure whether, during a warm start, the Lambda architecture reuses the Firecracker VM on the backend, or whether the invocation runs in a brand-new VM.

Is there any way to enforce VM-level isolation for every invocation, perhaps through some other AWS solution?

According to the documentation on the Lambda execution context, Lambda tries to reuse the execution context between subsequent executions, which is what leads to a cold start (when the context is spun up) and a warm start (when an existing context is reused):

You typically see this latency when a Lambda function is invoked for the first time or after it has been updated because AWS Lambda tries to reuse the execution context for subsequent invocations of the Lambda function.

Another statement in the Lambda Runtime Environment documentation confirms this, stating:

When a Lambda function is invoked, the data plane allocates an execution environment to that function, or chooses an existing execution environment that has already been set up for that function, then runs the function code in that environment.

A later paragraph on the same page gives more information about how environments/resources are shared between functions and executions within the same AWS account:

Execution environments run on hardware virtualized virtual machines (microVMs). A microVM is dedicated to an AWS account, but can be reused by execution environments across functions within an account. [...] Execution environments are never shared across functions, and microVMs are never shared across AWS accounts.

In addition, there is another doc page that provides more details about the isolation between environments, but again there is no mention of being able to enforce one execution per environment.

As far as I know, there is no way to make a new execution use a new environment instead of an existing one. AWS doesn't give much insight into this, but the wording around the topic seems to suggest that most people are actually trying to do the opposite of what you are looking for:

When you write your Lambda function code, do not assume that AWS Lambda automatically reuses the execution context for subsequent function invocations. Other factors may dictate a need for AWS Lambda to create a new execution context, which can lead to unexpected results, such as database connection failures.

I would say that if your concern is isolation from other customers/accounts, AWS guarantees isolation through virtualization; while not at the physical level, depending on their SLA and your SLAs/requirements it may be enough. If instead you are considering building some kind of multi-tenant infrastructure that requires Lambda executions to be isolated from each other, then this component may not be what you are looking for.
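One way to observe the environment reuse the answer describes from inside a function, as an added example that is not part of the answer or of AWS's documentation: module-level state is initialised once per execution environment and survives into later invocations, so a per-environment marker and an invocation counter reveal warm starts, and any request-scoped data has to be cleared explicitly so it does not leak into the next invocation of the same environment. `ENV_ID` and `_request_scope` are names chosen here; `AWS_LAMBDA_LOG_STREAM_NAME` is set by the real Lambda runtime and is unique per execution environment (a placeholder is used when running outside Lambda).

```python
"""Observe execution-environment reuse from inside a Lambda handler."""
import os
import time
import uuid

# Module-level code runs once per execution environment (the cold start).
# Everything defined here survives into later invocations that reuse
# the same environment, which is exactly the reuse the docs describe.
ENV_ID = str(uuid.uuid4())        # constructed per-environment marker
ENV_STARTED_AT = time.time()
_invocations = 0                  # how many times this environment served a request
_request_scope = {}               # data that must NOT outlive a single invocation


def lambda_handler(event, context=None):
    """Return evidence of whether this invocation reused an existing environment."""
    global _invocations
    _invocations += 1

    # Anything left over from the previous request is a cross-invocation leak.
    leaked_keys = sorted(_request_scope)
    _request_scope.clear()

    # Request-scoped data for this invocation only (e.g. a tenant id from the event).
    _request_scope["tenant"] = event.get("tenant", "unknown")

    return {
        "environment_id": ENV_ID,
        # Unique per execution environment in real Lambda; placeholder offline.
        "log_stream": os.environ.get("AWS_LAMBDA_LOG_STREAM_NAME", "<not-in-lambda>"),
        "environment_age_s": round(time.time() - ENV_STARTED_AT, 3),
        "invocation_in_this_environment": _invocations,
        "warm_start": _invocations > 1,
        "leaked_from_previous_invocation": leaked_keys,
    }
```

Invoking the deployed function repeatedly and comparing `environment_id` (or the log stream name) across responses shows the same environment serving many requests, while a brand-new `environment_id` marks a cold start.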