Is it possible to have hardware level isolation if I choose to use the Serverless goodies of AWS?

Question

I can choose to pay more to have dedicated AWS EC2 instances so that my VMs are physically isolated from other people's instances.

However, using EC2 also means I bear the responsibility of maintenance, either through automation or not.

So I would like to use things like Fargate and Lambda, which removes the maintenance burden from me.

Is possible to still have the same level of hardware isolation?

Can I require Amazon to run my Lambda functions and Fargate containers in a physically isolated fashion?

score 1 · Accepted Answer · answered Jan 09 '20 at 10:06

It is not possible as far as I know.

Pulling from the documentation of AWS

For FarGate

Ensure that the VPC that you choose is not configured to require dedicated hardware tenancy, as that is not supported by Fargate tasks.

And at the moment, Lambda also share resource. One Lambda invocation takes up some part of the big chip's CPU time and I do not think they will roll dedicated Lambda out soon as It's one of the reason they can offer computational power that cheap ( keeping their hardware busy serving multiple people )

Also from the docs

Lambda doesn't currently support running in dedicated tenancy

yeah, I guessed so. so if physical isolation is a hard requirement, then I guess I am stuck with old fashioned EC2 — Cui Pengfei 崔鹏飞, Jan 09 '20 at 10:11

Is it possible to have hardware level isolation if I choose to use the Serverless goodies of AWS?

1 Answers1