DEV Community

Cover image for AWS Amplify + Lambda MicroVMs = A Serverless Linux Desktop!
Kanahiro Iguchi for MIERUNE

Posted on

AWS Amplify + Lambda MicroVMs = A Serverless Linux Desktop!

I am Kanahiro Iguchi one of AWS Serverless CBs. In this article I introduce remote desktop app I built on Amplify and Lambda MicroVMs.

Lambda MicroVMs exposes lower-level capabilities powered by Firecracker. We can launch MicroVMs with only a few API calls from a MicroVM Image.

A MicroVM Image is created from a Dockerfile and application artifact. Lambda initializes the environment and captures it as a pre-initialized snapshot, so new MicroVMs can start quickly from that image.

Usecases?

AWS introduces MicroVMs as:

AI coding assistants, interactive code environments, data analytics platforms, vulnerability scanners, and game servers that run user-supplied scripts all fit this pattern.

Now we are in GenAI era, "isolated" computing enviornments are essential. Even there are movements make AI Agents use "computer". Isolated sandboxes where agents do anything without risks are important.

AWS Amplify + Lambda MicroVMs = Serverless Remote Desktop App!

At first, I tasted MicroVMs as http server and then I realized it is more "server" than "function" and it can do more than "headless" machine - I mean server with GUI! Then I built following app.

GitHub logo Kanahiro / microvm-desktop

AWS Amplify + Lambda MicroVMs = Serverless Remote Desktop App!

MicroVM Desktop

Run isolated Linux desktops on AWS Lambda MicroVMs and connect with noVNC.

This is a small proof of concept, not a production remote-desktop service.

Architecture

What is included

  • Amplify Gen 2 authentication and IAM policy
  • React client that starts and stops one MicroVM
  • noVNC connection using a short-lived MicroVM auth token
  • Ubuntu, Debian, and Fedora MicroVM images with Xvfb, XFCE, and x11vnc

Prerequisites

  • Node.js 20 or newer and pnpm
  • AWS credentials configured for Amplify and Lambda MicroVMs

1. Package Docker images

./microvm-image/package.sh
Enter fullscreen mode Exit fullscreen mode

This packages all distributions and writes the ZIP files to microvm-image/microvm-<distribution>.zip.

To package only one distribution:

DISTRO=debian ./microvm-image/package.sh
Enter fullscreen mode Exit fullscreen mode

2. Build MicroVMs image

Upload zip files to S3

Set up MicroVMs image

3. Configure and run the web app

Replace the placeholder image ARNs in src/config/microvmImages.ts, then install the dependencies and start the sandbox:

pnpm install
pnpm sandbox
Enter fullscreen mode Exit fullscreen mode

pnpm sandbox creates amplify_outputs.json. Keep it running…

Architecture

  1. User signs in via Amplify Auth(Cognito).
  2. User calls MicroVMs API to run MicroVM from Image.
  3. User calls MicroVMs API to retrieve token.
  4. User communicate MicroVM via WebSocket and NoVNC.

It's all serverless! No EC2 desktop host, no container cluster, and no custom WebSocket gateway. This pattern is a good fit for bursty or idle-heavy desktop sessions because MicroVMs can be suspended while preserving state.

To communicate MicroVM, You need to generate token and set it on header. The token is created after the signed-in user starts a MicroVM, and users don't need to be aware of it. The token is scoped to the MicroVM and has an expiration time. This is secure enough for this proof of concept.

In this demo, each image has only primitive dependencies and you can add deps in Dockerfile (e.g. webbrowser).

Conclusion

Lambda MicroVMs is not just for "AI" trends but for any workloads which can take advantage of features - isolation, quick boot, secure networking and statefull computing with container images customized for purposes.

Top comments (2)

Collapse
 
psantus profile image
Paul SANTUS

Very interesting. Will try it for training labs. Thanks!

Collapse
 
jerome_guyon_614ecd636c2c profile image
Jérôme GUYON

I love this approach ! Thanks for sharing 🔥