| title | Lambda Managed Instances |
|---|---|
| description | Using Powertools for AWS Lambda (Python) with Lambda Managed Instances |
Lambda Managed Instances{target="_blank" rel="nofollow"} enables you to run Lambda functions on Amazon EC2 instances without managing infrastructure. It supports multi-concurrent invocations, EC2 pricing models, and specialized compute options like Graviton4.
| Aspect | Lambda (default) | Lambda Managed Instances |
|---|---|---|
| Concurrency | Single invocation per execution environment | Multiple concurrent invocations per environment |
| Python model | One process, one request | Multiple processes, one request each |
| Pricing | Per-request duration | EC2-based with Savings Plans support |
| Scaling | Scale on demand with cold starts | Async scaling based on CPU, no cold starts |
| Isolation | Firecracker microVMs | Containers on EC2 Nitro |
Unlike Java or Node.js which use threads, the Lambda Python runtime uses multiple processes for concurrent requests. Each request runs in a separate process, which provides natural isolation between requests.
This means:
- Memory is not shared between concurrent requests
- Global variables are isolated per process
/tmpdirectory is shared across all processes - use caution with file operations
Lambda Managed Instances use a different isolation model than Lambda (default):
| Layer | Lambda (default) | Lambda Managed Instances |
|---|---|---|
| Instance level | Firecracker microVMs on shared AWS fleet | Containers on EC2 Nitro in your account |
| Security boundary | Execution environment | Capacity provider |
| Function isolation | Strong isolation via microVMs | Container-based isolation within instances |
Capacity providers serve as the security boundary. Functions within the same capacity provider share the underlying EC2 instances. For workloads requiring strong isolation between functions, use separate capacity providers.
For Python specifically, the multi-process model adds another layer of isolation - each concurrent request runs in its own process with separate memory space.
Powertools for AWS Lambda (Python) works seamlessly with Lambda Managed Instances. All utilities are compatible with the multi-process concurrency model used by Python.
Logger works without any changes. Each process has its own logger instance.
--8<-- "examples/lambda_features/managed_instances/src/using_logger.py"Tracer works without any changes. X-Ray traces are captured per request.
???+ note "VPC connectivity required" Lambda Managed Instances run in your VPC. Ensure you have network connectivity{target="_blank" rel="nofollow"} to send traces to X-Ray.
--8<-- "examples/lambda_features/managed_instances/src/using_tracer.py"Metrics work without any changes. Each process flushes metrics independently.
???+ note "VPC connectivity required" Ensure you have network connectivity{target="_blank" rel="nofollow"} to send metrics to CloudWatch.
--8<-- "examples/lambda_features/managed_instances/src/using_metrics.py"Parameters utility works correctly, but be aware that cache is per-process.
--8<-- "examples/lambda_features/managed_instances/src/using_parameters.py"???+ tip "Cache behavior" Since each process has its own cache, you might see more calls to SSM/Secrets Manager during initial warm-up. Once each process has cached the value, subsequent requests within that process use the cache.
Idempotency works without any changes. It uses DynamoDB for state management, which is external to the process.
--8<-- "examples/lambda_features/managed_instances/src/using_idempotency.py"Batch Processing works without any changes. Each batch is processed within a single process.
--8<-- "examples/lambda_features/managed_instances/src/using_batch.py"???+ note "Other utilities" All other Powertools for AWS utilities (Feature Flags, Validation, Parser, Data Masking, etc.) work without any changes. If you encounter any issues, please open an issue{target="_blank"}.
The /tmp directory is shared across all processes in the execution environment. Use caution when writing files.
--8<-- "examples/lambda_features/managed_instances/src/tmp_file_handling.py"Since each process is independent, connection pooling behaves differently than in threaded runtimes.
--8<-- "examples/lambda_features/managed_instances/src/database_connections.py"Lambda Managed Instances require VPC configuration for:
- Sending logs to CloudWatch Logs
- Sending traces to X-Ray
- Accessing AWS services (SSM, Secrets Manager, DynamoDB, etc.)
Configure connectivity using one of these options:
- VPC Endpoints - Private connectivity without internet access
- NAT Gateway - Internet access from private subnets
- Public subnet with Internet Gateway - Direct internet access
See Networking for Lambda Managed Instances{target="_blank" rel="nofollow"} for detailed setup instructions.
Yes, all Powertools for AWS utilities work seamlessly with Lambda Managed Instances. The multi-process model in Python provides natural isolation between concurrent requests.
For Python, you don't need to worry about thread safety because Lambda Managed Instances uses multiple processes, not threads. Each request runs in its own process with isolated memory.
Each process maintains its own cache (for Parameters, Feature Flags, etc.). This is expected behavior. The cache will warm up independently per process, which may result in slightly more calls to backend services during initial warm-up.
Yes, but remember they are per-process, not shared across concurrent requests. This is actually safer than shared state.
Use unique file names (include request ID or UUID) to avoid conflicts between concurrent requests. Always clean up files after use to avoid filling the shared /tmp directory.
No changes are required. Your existing code will work as-is with Lambda Managed Instances.