Tenant isolation

Use tenant isolation mode when you need isolated request processing for individual end-users or tenants invoking a Lambda function. This capability simplifies building multi-tenant applications that process tenant-specific code or data, such as SaaS platforms for workflow automation or code execution, by removing the need to manage tenant-specific function resources and request routing logic.

Multi-tenant applications have strict isolation requirements when running code or processing data for individual tenants or end-users. With tenant isolation mode, Lambda uses a customer-specified tenant identifier to route requests to underlying function execution environments, ensuring that a function’s execution environments are only used to serve invocations from the specified end-user or tenant. Lambda’s function execution environments leverage Firecracker virtualization to provide workload isolation.

When a function using tenant isolation mode receives an invoke with a tenant identifier, Lambda first attempts to locate an available execution environment associated with that tenant identifier. If no execution environments exist, Lambda creates and assigns a new execution environment to that tenant. As function invocations with the specified tenant identifier scale up, Lambda locates or creates new execution environments as necessary.

Topics

• When to use tenant isolation mode

• Supported features and limitations

• Supported AWS Regions

• Considerations

• Pricing

• Isolation mode

• Enabling tenant isolation for Lambda functions

• Invoking Lambda functions with tenant isolation

• Accessing tenant identifier in Lambda function code

• Monitoring Lambda functions with tenant isolation

• Troubleshooting tenant isolation for Lambda functions

When to use tenant isolation mode

Use tenant isolation mode when you need to serve multiple end-users or tenants using a single Lambda function, while ensuring that the execution environments used to process invocations for individual tenants remain isolated from one another. This strict isolation of execution environments is required for multi-tenant applications that:

• Execute end-user supplied code: Maintaining separate execution environments for individual tenants can limit the impact of executing user-supplied code that may be incorrect or malicious.

• Process tenant-specific data: Maintaining separate execution environments for individual tenants can prevent exposure of sensitive tenant-specific data to other tenants.

Multiple invocation requests from the same tenant can re-use the same function execution environment, reducing cold-starts and improving response times for latency sensitive applications.

Supported features and limitations

Tenant isolation mode is not supported with functions that use function URLs, provisioned concurrency, or SnapStart. You can send requests to a tenant-isolated function using synchronous invocations, asynchronous invocations, or by using Amazon API Gateway as an event-trigger.

Supported AWS Regions

Tenant isolation mode is supported in all commercial Regions except Asia Pacific (New Zealand).

Considerations

When using tenant isolation with your Lambda functions, keep the following in mind:

• Immutable configuration: Tenant isolation is an immutable function property. It can only be enabled when creating a function.

• Required tenant-id parameter: Functions using tenant isolation mode must be invoked with a tenant-id parameter. Omitting this parameter will cause function invocations to fail.

• Execution role applies to all tenants: Invocations from all tenants use the permissions defined in your Lambda function’s execution role.

• Concurrency: There are no changes to your function’s concurrency or scaling behavior when using tenant isolation. Lambda imposes a limit of 2,500 tenant-isolated execution environments (active or idle) for every 1,000 concurrent executions configured for your Lambda function.

Pricing

You are charged when Lambda creates a new tenant-isolated execution environment. The price depends on the amount of memory that you allocate to your function and the CPU architecture that you use. For more information, see AWS Lambda pricing.

Isolation mode

The following table outlines differences between Lambda functions with and without tenant isolation.

Feature	With tenant isolation	Without tenant isolation
Isolation type	Tenant-level isolation	Function-level isolation
Environment reuse	Execution environments are never reused across different tenants	Execution environments might be reused across invocations of the same function
Data isolation	Data from other tenants is not accessible	Data from previous invocations of the same function version may be accessible
Cold starts	More cold starts due to tenant-specific environments	Fewer cold starts due to environment reuse
Pricing	Additional charge besides the standard Lambda pricing	Standard Lambda pricing