New serverless pattern - lambda-microvms-claude-code-agent#3180
Open
avladi wants to merge 8 commits into
bfreiberg
requested changes
Jun 22, 2026
| @@ -0,0 +1,113 @@ | |||
| AWSTemplateFormatVersion: '2010-09-09' | |||
| Description: AWS Lambda MicroVM with Claude Code CLI and AWS API MCP server | |||
Contributor
Suggested change
| Description: AWS Lambda MicroVM with Claude Code CLI and AWS API MCP server | |
| Description: Claude Code CLI and AWS API MCP server on AWS Lambda MicroVMs |
| @@ -0,0 +1,243 @@ | |||
| # AWS Lambda MicroVM Claude Code Agent | |||
Contributor
Suggested change
| # AWS Lambda MicroVM Claude Code Agent | |
| # Claude Code Agent on AWS Lambda MicroVMs |
| @@ -0,0 +1,243 @@ | |||
| # AWS Lambda MicroVM Claude Code Agent | |||
|
|
|||
| This pattern deploys a long-running Lambda MicroVM with the [Claude Code](https://code.claude.com) CLI baked into the image. The MicroVM is launched with the `SHELL_INGRESS` network connector, so you connect via an interactive shell and run `claude` directly inside the isolated Firecracker VM. Claude Code is preconfigured to use [Amazon Bedrock](https://aws.amazon.com/bedrock/) with Claude Haiku 4.5 — credentials are supplied at runtime by the MicroVM execution role, so no API key is ever stored in the image. | |||
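Review bot: the intro hard-codes the model name ("Claude Haiku 4.5"), and the later force-push (the commit renaming Haiku to Sonnet 4.6 across the docs, the policy SID and ANTHROPIC_MODEL) shows how easily this sentence drifts from the Dockerfile; suggest the intro say "with the Claude model configured in the Dockerfile (see Using a different model)" and leave the concrete inference profile ID to the Bedrock section so there is one place to update. The statement that no API key is stored in the image is correct, but it is worth adding in the same sentence that the execution role's credentials are available to whoever holds the interactive shell, which is why that role is the thing to keep least-privilege.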
Contributor
Suggested change
| This pattern deploys a long-running Lambda MicroVM with the [Claude Code](https://code.claude.com) CLI baked into the image. The MicroVM is launched with the `SHELL_INGRESS` network connector, so you connect via an interactive shell and run `claude` directly inside the isolated Firecracker VM. Claude Code is preconfigured to use [Amazon Bedrock](https://aws.amazon.com/bedrock/) with Claude Haiku 4.5 — credentials are supplied at runtime by the MicroVM execution role, so no API key is ever stored in the image. | |
| This pattern deploys a long-running Lambda MicroVM with the [Claude Code](https://code.claude.com) CLI baked into the image. The Lambda MicroVM is launched with the `SHELL_INGRESS` network connector, so you connect via an interactive shell and run `claude` directly inside the MicroVM. Claude Code is preconfigured to use [Amazon Bedrock](https://aws.amazon.com/bedrock/) with Claude Haiku 4.5 — credentials are supplied at runtime by the Lambda MicroVM execution role, so no API key is ever stored in the image. |
Contributor
Isn't Haiku 4.5 almost EOL?
|  | ||
|
|
||
| 1. **Image Build**: Lambda downloads the zip, executes the Dockerfile (installs Git, the Claude Code CLI, `uv`, and the AWS API MCP server; bakes in the Bedrock environment variables and the project-scope MCP config), waits for `/ready`, and takes a snapshot. | ||
| 2. **Run**: The MicroVM resumes rapidly from the snapshot with the execution role and the `SHELL_INGRESS` connector attached. |
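Review bot: step 1 lists what the Dockerfile installs (Git, the Claude Code CLI, `uv`, the AWS API MCP server) but not which versions; because the build ends in a snapshot, whatever was fetched at build time is frozen into the image, and a later rebuild silently picks up different code. Suggest pinning the CLI, `uv` and MCP server versions in the Dockerfile, stating them in this step, and noting that the build step needs outbound network access to fetch them.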
Contributor
Suggested change
| 2. **Run**: The MicroVM resumes rapidly from the snapshot with the execution role and the `SHELL_INGRESS` connector attached. | |
| 2. **Run**: The Lambda MicroVM resumes rapidly from the snapshot with the execution role and the `SHELL_INGRESS` connector attached. |
| ./connect.sh "${MICROVM_ID}" | ||
| ``` | ||
|
|
||
| ## Using deploy.sh |
Contributor
Move to before the step-by-step guide
Comment on lines +112 to +114
| ## Why the cross-region inference profile? | ||
|
|
||
| Claude Haiku 4.5 is **not** available for in-region inference in `us-east-2`. The Dockerfile and the IAM policy therefore target the US cross-region inference profile `us.anthropic.claude-haiku-4-5-20251001-v1:0` (destination regions: us-east-1, us-east-2, us-west-2). The execution-role policy grants `bedrock:InvokeModel*` on both the inference profile and the underlying foundation model in each destination region. |
|
|
||
| Claude Haiku 4.5 is **not** available for in-region inference in `us-east-2`. The Dockerfile and the IAM policy therefore target the US cross-region inference profile `us.anthropic.claude-haiku-4-5-20251001-v1:0` (destination regions: us-east-1, us-east-2, us-west-2). The execution-role policy grants `bedrock:InvokeModel*` on both the inference profile and the underlying foundation model in each destination region. | ||
|
|
||
| ## Key Design Decisions |
| - **Shell-first**: `SHELL_INGRESS` provides an interactive shell. The port 8080 health endpoint is only for verifying the VM is up. | ||
| - **AWS access via IAM only**: the AWS API MCP server uses the execution role's credentials through the boto3 default chain. What Claude can do in AWS is controlled entirely by the role's IAM policy (read-only by default), not by any baked-in key. | ||
|
|
||
| ## AWS API MCP server — AWS API access |
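Review bot: the "Shell-first" bullet presents `SHELL_INGRESS` as the interactive entry point, but Key Design Decisions never says who may open that shell or how a session is authorized; since a shell inside the VM has the execution role's credentials, suggest a third bullet stating how shell sessions are authorized (the README elsewhere names the AWS console and a WebSocket client as the two paths) so readers do not assume the health endpoint on port 8080 is the only exposed surface. In "Why the cross-region inference profile?", `bedrock:InvokeModel*` on both the profile and the per-region foundation models is the right shape, but add one sentence that `ANTHROPIC_MODEL` in the Dockerfile and the policy resources in `template.yaml` must name the same profile, otherwise Bedrock rejects the call after a model change; the "Using a different model" section says this, and a cross-reference here keeps the two from drifting apart.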
Comment on lines +162 to +164
| **Letting Claude make changes.** To allow mutations, replace `ReadOnlyAccess` with a broader or custom policy on the execution role and remove `READ_OPERATIONS_ONLY` from `.mcp.json`, then redeploy. | ||
|
|
||
| > **Security note**: `ReadOnlyAccess` is broad — it can read data across services (S3 object contents, DynamoDB items, etc.). For production, scope the execution role to a custom policy limited to the specific `Describe*`/`List*`/`Get*` actions and resources you actually want Claude to see. The MicroVM keeps blast radius contained, but the IAM policy is your real control plane. |
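Review bot: "replace `ReadOnlyAccess` with a broader or custom policy" reads as an invitation to attach an over-permissive managed policy; suggest wording it as "a custom least-privilege policy listing only the mutating actions and resources you want Claude to perform" and pointing to the security note. It is also worth stating explicitly that `READ_OPERATIONS_ONLY` in `.mcp.json` is a client-side guard inside the MCP server that anyone with the interactive shell can edit, so it is a convenience filter rather than a boundary; the IAM policy on the execution role is the only enforced control, which is what the last sentence of the security note says and which should lead this paragraph rather than close it.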
a2872f5 to bdb8afe
- Fix ANTHROPIC_MODEL to use correct inference profile ID (us.anthropic.claude-sonnet-4-6)
- Remove invalid ANTHROPIC_SMALL_FAST_MODEL env var
- Update IAM policy ARNs to match actual Bedrock resource format
- Rename policy/SID from Haiku to Sonnet
- Update all documentation references from Sonnet 4 to Sonnet 4.6
- Add zip CLI prerequisite with Windows install instructions
- Add region availability doc link to Step 1

- Bump MinimumMemoryInMiB from 1024 to 4096 (2 vCPU baseline, bursts to 8)
- Pre-warm MCP server at build time to compile Python bytecode
bfreiberg
requested changes
Jun 25, 2026
| @@ -0,0 +1,67 @@ | |||
| { | |||
| "title": "AWS Lambda MicroVM Claude Code Agent", | |||
Contributor
Suggested change
| "title": "AWS Lambda MicroVM Claude Code Agent", | |
| "title": "Claude Code Agent on AWS Lambda MicroVMs", |
| }, | ||
| "cleanup": { | ||
| "text": [ | ||
| "bash cleanup.sh" |
Contributor
Suggested change
| "bash cleanup.sh" | |
| "<code>bash cleanup.sh</code>" |
| @@ -0,0 +1,75 @@ | |||
| { | |||
| "title": "AWS Lambda MicroVM Claude Code Agent", | |||
Contributor
Suggested change
| "title": "AWS Lambda MicroVM Claude Code Agent", | |
| "title": "Claude Code Agent on AWS Lambda MicroVMs", |
| "introBox": { | ||
| "headline": "How it works", | ||
| "text": [ | ||
| "This pattern deploys a long-running Lambda MicroVM with the Claude Code CLI installed into the image. The MicroVM is launched with the SHELL_INGRESS network connector, so you connect via an interactive shell (AWS console or a WebSocket client) and run `claude` directly inside the isolated Firecracker VM.", |
Contributor
Suggested change
| "This pattern deploys a long-running Lambda MicroVM with the Claude Code CLI installed into the image. The MicroVM is launched with the SHELL_INGRESS network connector, so you connect via an interactive shell (AWS console or a WebSocket client) and run `claude` directly inside the isolated Firecracker VM.", | |
| "This pattern deploys a Lambda MicroVM with the Claude Code CLI installed into the image. The MicroVM is launched with the SHELL_INGRESS network connector, so you connect via an interactive shell (AWS console or a WebSocket client) and run `claude` directly inside the MicroVM.", |
| @@ -0,0 +1,196 @@ | |||
| # Claude Code Agent on AWS Lambda MicroVMs | |||
|
|
|||
| This pattern deploys a long-running Lambda MicroVM with the [Claude Code](https://code.claude.com) CLI baked into the image. The Lambda MicroVM is launched with the `SHELL_INGRESS` network connector, so you connect via an interactive shell and run `claude` directly inside the MicroVM. Claude Code is preconfigured to use [Amazon Bedrock](https://aws.amazon.com/bedrock/) with Claude Sonnet 4.6 — credentials are supplied at runtime by the Lambda MicroVM execution role, so no API key is ever stored in the image. | |||
Contributor
Suggested change
| This pattern deploys a long-running Lambda MicroVM with the [Claude Code](https://code.claude.com) CLI baked into the image. The Lambda MicroVM is launched with the `SHELL_INGRESS` network connector, so you connect via an interactive shell and run `claude` directly inside the MicroVM. Claude Code is preconfigured to use [Amazon Bedrock](https://aws.amazon.com/bedrock/) with Claude Sonnet 4.6 — credentials are supplied at runtime by the Lambda MicroVM execution role, so no API key is ever stored in the image. | |
| This pattern deploys a Lambda MicroVM with the [Claude Code](https://code.claude.com) CLI baked into the image. The Lambda MicroVM is launched with the `SHELL_INGRESS` network connector, so you connect via an interactive shell and run `claude` directly inside the MicroVM. Claude Code is preconfigured to use [Amazon Bedrock](https://aws.amazon.com/bedrock/) with Claude Sonnet 4.6 — credentials are supplied at runtime by the Lambda MicroVM execution role, so no API key is ever stored in the image. |
|
|
||
| ### Using a different model | ||
|
|
||
| The model is set via the `ANTHROPIC_MODEL` environment variable in the [Dockerfile](src/Dockerfile). To use a different Claude model, change this value to another inference profile ID available in your account and update the Bedrock policy resources in `template.yaml` accordingly. |
Contributor
Duplicate to section below
|
|
||
| Claude calls AWS using the execution role's credentials. With the read-only default, a mutating request (e.g. "create an S3 bucket called …") is refused by `READ_OPERATIONS_ONLY` and would be denied by IAM anyway. | ||
|
|
||
| ### Using a different model |
Contributor
Duplicate to section above
Summary
New pattern: AWS Lambda MicroVM Claude Code Agent — Deploy an AWS Lambda MicroVM with the Claude Code CLI, powered by Amazon Bedrock and reachable through an interactive shell.
Pattern details
Checklist