On June 22, 2026, AWS shipped a new serverless primitive: Lambda MicroVMs. It gives every session its own Firecracker microVM, lets you suspend and resume that VM with full memory and disk intact for up to eight hours, and charges you nothing for compute while it's suspended. In effect, AWS has entered the AI-agent sandbox market that Modal, Daytona, E2B, and OpenComputer have spent the last two years building.
+ $0.0132 / GB-hr
So the obvious question: is AWS's entry actually competitive? We pulled the official pricing for all five providers and ran the numbers. The headline rates cluster closer than you'd expect, but the pricing models diverge sharply: AWS charges separately for individual primitives that the other four bundle into a single rate. This post breaks down where AWS wins, where it doesn't, and which provider fits which workload.
Pricing note: All figures are from official pricing pages as of June 29, 2026, in
us-east-1(AWS) or each provider's default region. These pages change often, and several providers don't publish rates for every dimension. Verify against the live page before you commit a budget to it.
What AWS Lambda MicroVMs Actually Is
Lambda has always run on Firecracker microVMs under the hood. What's new is that AWS now exposes that microVM directly as a long-lived, stateful, controllable resource, sitting in the gap between two things you already know:
- Lambda functions are stateless and capped at 15 minutes.
- EC2 instances are full VMs you provision and manage yourself.
MicroVMs sit in between. You call run-microvm, get a dedicated VM with full OS access (install packages, mount filesystems, run a long-lived process), talk to it over a dedicated HTTPS endpoint that supports HTTP/2, gRPC, and WebSockets, then suspend-microvm to freeze it and resume-microvm to wake it. You manage the mapping of tenants to VMs yourself, which is exactly the control an agent platform wants.
The specs that matter for agent workloads:
- Isolation: Firecracker microVM, dedicated kernel, memory, and disk per session. No shared kernel between tenants.
- State: Suspend/resume preserves full memory and disk for up to 8 hours. Suspended VMs cost zero compute.
- Resources: Up to 16 vCPU / 32 GB RAM / 32 GB disk, with a configurable baseline that bursts to 4x on demand.
- Architecture: ARM64/Graviton only.
- Availability: Five regions at launch (
us-east-1,us-east-2,us-west-2,eu-west-1,ap-northeast-1). - Cold start: Snapshot-based launch. AWS markets it as "near-instant" but publishes no latency figures; independent testing clocked roughly 2 seconds to RUNNING, with suspend and resume each taking about a second.
If you've used AWS Bedrock AgentCore, MicroVMs is the lower-level alternative: AgentCore is a managed agent runtime, while MicroVMs gives you the raw VM and the lifecycle API. (For comparison, AgentCore Runtime's headline compute is lower, at $0.0895/vCPU-hr with idle CPU billed free, though it doesn't offer the same suspend/resume statefulness or full-VM control.)
The Contenders
Before the numbers, here are the four alternatives and how each isolates untrusted code — which turns out to be the main point of differentiation.
| Provider | What it is | Isolation | GPU | Open source |
|---|---|---|---|---|
| AWS Lambda MicroVMs | Stateful serverless microVM primitive | Firecracker microVM | No | No |
| Modal | Serverless compute platform; Sandboxes for agent code | gVisor | Yes | No |
| Daytona | AI-agent sandbox / runtime infra | Containers (optional Kata) | Yes | Partial |
| E2B | Secure code-interpreter sandboxes | Firecracker microVM | No | Yes (Apache-2.0) |
| OpenComputer | Persistent "real computer" VMs for agents | KVM full VM | No | Yes (Apache-2.0) |
The isolation column is the one that matters most. For running untrusted, agent-generated code, hardware-level isolation (Firecracker microVMs on AWS and E2B; KVM full VMs on OpenComputer) is a stronger security boundary than gVisor (Modal) or shared-kernel containers (Daytona's default). The cheapest compute here also comes with the weakest default isolation — a trade-off to keep in mind as we get to the prices.
AWS Lambda MicroVMs Pricing Structure Explained
MicroVMs bills across three independent dimensions, and the second is the one most teams underestimate.
1. Compute (per second)
You pay for vCPU and memory separately, by the second, in us-east-1 on Graviton:
- vCPU: $0.0000276944 per vCPU-second ≈ $0.0997 per vCPU-hour
- Memory: $0.0000036667 per GB-second ≈ $0.0132 per GB-hour
Memory is provisioned at a fixed 2:1 ratio to vCPU (2 GB per vCPU). Your baseline is billed continuously while running; bursts above baseline (up to 4x) are billed only for the seconds you actually use them. Suspended VMs are billed $0 for compute.
2. Snapshot and image storage (often overlooked)
This is where MicroVMs differs from every other provider here: AWS meters your saved state as explicit line items.
- Snapshot write (charged on suspend): $0.0038 per GB
- Snapshot read (charged on launch/resume): $0.00155 per GB
- Snapshot storage (your suspended VM state): $0.08 per GB-month
- Image storage (your VM images): $0.08 per GB-month, with a 1-week minimum retention
3. Data transfer
Egress is billed at standard AWS data-transfer rates (roughly $0.09/GB after the account-wide 100 GB/month free allowance). There is no MicroVM-specific rate or discount.
Taken together, this is a characteristically AWS pricing model: relatively low compute rates, with separate charges for saving state, reading state, storing images, and data transfer. The other four providers fold most of that into a single compute rate.
The Pricing Dimensions That Actually Differ
This is the comparison that motivated the analysis. Laid side by side on the non-compute dimensions, one provider stands out:
(Persistent disk is the one storage dimension everyone charges for, just very differently: Modal is $0.09/GiB-month with 1 TiB free, Daytona $0.000108/GiB-hour with the first 5 GiB free, E2B includes 10-20 GiB per plan, OpenComputer gives 20 GB free then ~$0.26/GB-month, and on AWS the microVM's disk rides along with its snapshot at $0.08/GB-month while suspended.)
AWS is the only provider here that charges separately for snapshot storage, image storage, and egress. Modal, Daytona, E2B, and OpenComputer either bundle that state into their disk metering or don't publish a rate for it at all. (To be clear, "none published" isn't the same as "free": several of these providers simply don't document an egress or snapshot-storage rate, so those should be treated as unconfirmed rather than zero.)
For a single agent, this is negligible. For a fleet hibernating thousands of stateful VMs, it becomes the line item that decides the bill — more on that below.
Head-to-Head: Compute Cost
To compare on equal footing, here's the cost to run a small sandbox, fully active, for one hour, on each provider's sandbox tier. (Modal's Sandboxes run at roughly 3x the standard preemptible serverless rate because they're non-preemptible; I've listed the standard rate too, for context.)
Config A: 1 vCPU + 2 GB RAM, 1 hour
| Provider | Calculation | Cost/hour |
|---|---|---|
| Daytona | $0.0504 + 2 x $0.0162 | $0.083 |
| E2B (Pro) | $0.0504 + 2 x $0.0162 | $0.083 + $150/mo base |
| Modal Sandbox | 0.5 core x $0.1419 + 2 x $0.0242 | $0.119 |
| OpenComputer | 2 GB x $0.060 (on-demand) | $0.120 (reserved: $0.024) |
| AWS MicroVMs | $0.0997 + 2 x $0.0132 | $0.126 |
| Modal standard fn | 0.5 core x $0.0472 + 2 x $0.008 | $0.040 (gVisor, no suspend) |
Config B: 2 vCPU + 4 GB RAM, 1 hour
| Provider | Cost/hour | 24/7 monthly |
|---|---|---|
| Daytona | $0.166 | ~$121 |
| E2B (Pro) | $0.166 | ~$121 + $150 base = ~$271 |
| Modal Sandbox | $0.239 | ~$174 |
| OpenComputer | $0.240 (reserved: $0.048) | ~$175 (reserved: ~$35) |
| AWS MicroVMs | $0.252 | ~$184 |
A few observations:
- On raw compute, Daytona is cheapest and AWS is most expensive. Purely on the rate card, AWS's $0.126/hr for a small box runs about 50% more than Daytona's $0.083.
- E2B and Daytona publish identical CPU and RAM rates ($0.0504/vCPU-hr, $0.0162/GiB-hr), to the cent. The difference between them is E2B's $150/mo base fee and Firecracker isolation versus Daytona's no-base-fee container model. There's an emerging "market reference price" for agent compute, and these two are anchored right on it.
- OpenComputer's reserved capacity is by far the cheapest sustained option. Pre-committing in 15-minute blocks drops the rate from $0.060 to $0.012 per GB-hour, an 80% reduction. A 4 GB box reserved 24/7 is ~$35/month versus ~$184 for the same box on AWS.
These rate-card numbers can mislead, though: they assume an always-on instance, and agents are rarely always-on.
The Bursty-Workload Reality
The key factor is that agent workloads are bursty. A coding agent runs for thirty seconds, thinks, runs again, then sits idle for ten minutes waiting on a human or an LLM. For that pattern, the suspend/idle model dominates your bill, not the hourly rate.
Every provider here supports some form of scale-to-zero:
- AWS MicroVMs: suspend = $0 compute; you pay only snapshot storage ($0.08/GB-mo) while parked.
- Modal: scale-to-zero, no idle charge.
- Daytona: stopped sandboxes bill disk only; auto-stop after 15 min idle.
- E2B: paused sandboxes stop billing entirely; state retained indefinitely.
- OpenComputer: hibernated = $0 compute; auto-hibernate after 300s idle.
Once you account for that, AWS's rate card — the highest on paper — matters far less. One hands-on analysis modeled a developer-style MicroVM session (2.5 hours active, 5.5 hours suspended per day) at roughly $0.56 per developer per day. The expensive hourly rate only applies to the seconds the VM is actually running, which for most agent workloads is a small fraction of wall-clock time.
The practical takeaway: don't budget agent infrastructure off the hourly rate. Budget it off your active-compute ratio plus your storage footprint. Which brings us back to the dimension that only AWS charges for.
Snapshot and Image Storage: AWS's Unique Line Item
When your agents spend most of their lives suspended, the cost of storing that suspended state becomes significant.
Say you run a fleet of 1,000 stateful agent VMs, each with a 4 GB memory snapshot, mostly hibernated:
Snapshot storage (AWS):
1,000 VMs x 4 GB x $0.08/GB-month = $320/month
Plus per-resume read ops (if you wake each VM once/day):
1,000 x 4 GB x $0.00155/GB x 30 days = $186/month
Plus per-suspend write ops (once/day):
1,000 x 4 GB x $0.0038/GB x 30 days = $456/month
AWS storage + ops subtotal: ~$962/monthOn Modal, Daytona, E2B, or OpenComputer, that same hibernated state is either bundled into a much cheaper disk rate or not separately billed at all. This is the pricing-model insight that matters most: AWS's three-dimension model means the more aggressively you use suspend/resume, the more those snapshot read/write/storage line items add up, even as your compute bill drops. The startups' bundled model makes hibernation nearly free; AWS meters it.
It's not necessarily a worse deal — AWS's compute can be competitive, and you're buying real Firecracker isolation — but it's a fundamentally different cost curve, and it rewards a different usage pattern. AWS rewards long-running active VMs; the startups reward suspend-heavy fleets.
Egress: The Hidden AWS Cost
The other place the AWS bill diverges is data transfer. If your agents scrape the web, pull large datasets, or stream a lot of output, AWS charges standard egress (~$0.09/GB after the first 100 GB/month). None of Modal, Daytona, E2B, or OpenComputer publishes an egress fee.
For a data-heavy agent moving, say, 500 GB/month, that's ~$45/month on AWS that simply doesn't appear on the others' invoices. Again: "not published" doesn't mean free — but it's a real structural difference in how these platforms price.
Isolation, Performance, and Limits
Price is only half the decision. Here's how the five stack up on the operational characteristics that gate which workloads they can even run.
| Provider | Isolation | Boot time | Max resources | Max runtime/state |
|---|---|---|---|---|
| AWS MicroVMs | Firecracker microVM | ~2s | 16 vCPU / 32 GB / 32 GB disk | 8 hours state |
| Modal | gVisor | ~1s | ~16+ cores / 3 TiB disk | 24h (5 min default) |
| Daytona | Container (opt. Kata) | ~71-90 ms | 4 vCPU / 8 GB (16/192 GB w/ GPU) | Unlimited |
| E2B | Firecracker microVM | under 200 ms | 8 vCPU / 8 GiB | 1h Hobby / 24h Pro |
| OpenComputer | KVM full VM | ~300 ms | 1-16 GB (vCPU proportional) | Unlimited |
Two practical notes:
- AWS's ~2s cold start is the slowest here. Daytona (~71-90 ms) and E2B (under 200 ms) are an order of magnitude faster to first command, which matters if you're spinning up a fresh sandbox per request rather than resuming a warm one. AWS's story is built around resume-from-suspend (~1-2s), not cold-start-per-request.
- Only Modal and Daytona offer GPUs. If your agent needs on-box inference, AWS MicroVMs, E2B, and OpenComputer are out; you'd pair them with a separate inference endpoint. (Notably, Modal and Daytona publish identical GPU rates — H100 at $3.95/hr and RTX PRO 6000 at $3.03/hr — the same convergence seen in E2B and Daytona's CPU rates.)
When to Choose Each
Choose AWS Lambda MicroVMs when
✅ You're already deep in AWS and want agent sandboxes inside your VPC, IAM, and billing ✅ You need strong Firecracker isolation for untrusted code ✅ Your VMs run actively for meaningful stretches (the rate card is fine; the snapshot ops are what to watch) ✅ You want full VM control and lifecycle APIs, not a managed abstraction
❌ Avoid if you spin up thousands of short-lived sandboxes per request (cold start ~2s, and snapshot ops add up), or if you need GPUs, or if egress-heavy workloads will dominate your bill.
Choose the alternatives when
| Pick | When |
|---|---|
| Daytona | You want the cheapest compute and fastest cold starts, and container-level isolation is acceptable for your threat model |
| E2B | You want Firecracker isolation with a simple bundled bill, and your usage clears the $150/mo Pro base fee; bonus if you want to self-host |
| Modal | You need GPUs alongside sandboxes, or you're already running Modal serverless functions and want sandboxes in the same platform |
| OpenComputer | You want persistent full VMs with the cheapest sustained cost via reserved capacity, or you want to self-host on your own cloud |
The Bottom Line
AWS Lambda MicroVMs is a serious entry into this market. It brings real Firecracker isolation, genuine suspend/resume statefulness, and AWS-native integration that no startup can match. On compute, it's competitive once you account for the fact that agent workloads are mostly idle.
But it prices like AWS, not like a startup. The snapshot read/write/storage line items and standard egress charges are the costs that will surprise teams migrating from a bundled provider. Where Modal, Daytona, E2B, and OpenComputer give you a single, mostly-compute bill, AWS meters five separate dimensions. For long-running, active, AWS-native agents, that granularity can work in your favor. For suspend-heavy fleets that hibernate thousands of VMs, the bundled providers are structurally cheaper, and the open-source ones (E2B, OpenComputer) can be self-hosted as an alternative.
The same lesson holds across all five providers: what matters is your actual usage pattern, not the hourly rate — your active-compute ratio, your storage footprint, your egress volume, and your isolation requirements. The cheapest rate card in this list (Daytona) comes with the weakest default isolation, and the priciest (AWS) can be the cheapest in practice for the right workload. Run your own numbers against the live pricing pages before you commit.
Pricing and features verified against official sources as of June 29, 2026. These pages change frequently and several providers don't publish rates for every dimension, so re-check before relying on any figure here. Found an error or have a workload you want sanity-checked? Reach out.