feat: add AWS Lambda Managed Instances (LMI) skill to aws-serverless plugin#140
feat: add AWS Lambda Managed Instances (LMI) skill to aws-serverless plugin#140sbbhimji wants to merge 6 commits intoawslabs:mainfrom
Conversation
…plugin Add a new skill for evaluating, configuring, and migrating workloads to AWS Lambda Managed Instances. Includes workload fitness assessment, 4-column cost comparison (Lambda OD/SP vs LMI OD/SP), configuration recommendations, thread-safety review, and end-to-end migration framework. Reference files cover cost analysis, configuration tuning, thread safety, runtime-specific migration patterns, infrastructure setup (CLI/SAM/CDK), and troubleshooting.
…nces - Add managed-instances and lmi keywords to plugin.json - Add LMI skill triggers to README aws-serverless section - Add cross-reference to LMI skill in aws-lambda SKILL.md (key capabilities and "When to Load Reference Files" sections) - Update plugin description to mention Lambda Managed Instances
sbbhimji
requested review from
a team,
krokoko,
scottschreckengaust and
theagenticguy
There was a problem hiding this comment.
Pull request overview
Adds a new aws-lambda-managed-instances skill to the aws-serverless plugin, providing an agent workflow and reference material to evaluate, configure, and migrate workloads to Lambda Managed Instances (LMI), and wires it into existing plugin docs/metadata.
Changes:
- Introduces a new
aws-lambda-managed-instancesskill (SKILL.md) plus several reference guides (cost, configuration, thread safety, migration patterns, infra setup, troubleshooting). - Updates the existing
aws-lambdaskill to cross-reference the new managed-instances skill. - Updates plugin metadata and root README to mention LMI and add trigger phrases/keywords.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| plugins/aws-serverless/skills/aws-lambda/SKILL.md | Adds cross-references so the Lambda skill routes LMI questions to the new skill. |
| plugins/aws-serverless/skills/aws-lambda-managed-instances/SKILL.md | New core workflow and routing to reference files for LMI evaluation/config/migration. |
| plugins/aws-serverless/skills/aws-lambda-managed-instances/references/cost-comparison.md | Adds pricing formulas, comparison template, and worked example for Lambda vs LMI. |
| plugins/aws-serverless/skills/aws-lambda-managed-instances/references/configuration-guide.md | Adds instance/memory/concurrency tuning guidance and scaling controls. |
| plugins/aws-serverless/skills/aws-lambda-managed-instances/references/thread-safety.md | Adds a thread-safety checklist and runtime-specific guidance. |
| plugins/aws-serverless/skills/aws-lambda-managed-instances/references/migration-patterns.md | Adds before/after migration examples for multi-concurrency readiness. |
| plugins/aws-serverless/skills/aws-lambda-managed-instances/references/infrastructure-setup.md | Adds IAM/VPC/CLI + SAM template guidance for capacity provider setup. |
| plugins/aws-serverless/skills/aws-lambda-managed-instances/references/troubleshooting.md | Adds common issues table and debugging steps. |
| plugins/aws-serverless/.claude-plugin/plugin.json | Adds managed-instances and lmi keywords for discoverability. |
| README.md | Updates plugin description and adds the new skill to the aws-serverless trigger table. |
| - **Cost comparison**, **pricing analysis**, **Lambda vs LMI cost**, **Savings Plans**, or **Reserved Instances** -> see [references/cost-comparison.md](references/cost-comparison.md) | ||
| - **Instance types**, **memory sizing**, **vCPU ratios**, **scaling tuning**, or **capacity provider config** -> see [references/configuration-guide.md](references/configuration-guide.md) | ||
| - **Thread safety**, **code review checklist**, or **multi-concurrency readiness** -> see [references/thread-safety.md](references/thread-safety.md) | ||
| - **Before/after code examples**, **runtime-specific migration** (Node.js, Python, Java, .NET), or **connection pooling** -> see [references/migration-patterns.md](references/migration-patterns.md) |
| - **Instance types**, **memory sizing**, **vCPU ratios**, **scaling tuning**, or **capacity provider config** -> see [references/configuration-guide.md](references/configuration-guide.md) | ||
| - **Thread safety**, **code review checklist**, or **multi-concurrency readiness** -> see [references/thread-safety.md](references/thread-safety.md) | ||
| - **Before/after code examples**, **runtime-specific migration** (Node.js, Python, Java, .NET), or **connection pooling** -> see [references/migration-patterns.md](references/migration-patterns.md) | ||
| - **IAM roles**, **VPC setup**, **CLI commands**, **SAM template**, or **CDK example** -> see [references/infrastructure-setup.md](references/infrastructure-setup.md) |
| |--------|---------------------|---------------------------| | ||
| | Traffic | Steady, predictable, 50M+ req/mo | Bursty, unpredictable, long idle | | ||
| | Cost | Duration-heavy spend at scale | Low or sporadic invocations | | ||
| | Cold starts | Unacceptable (LMI has zero) | Tolerable or mitigated by SnapStart | |
There was a problem hiding this comment.
I think that might be a bit misleading as this is only true if the currently provisioned instances can handle the load. What is the user experience on scale-out?
There was a problem hiding this comment.
Clarified, now reads "LMI eliminates for provisioned capacity; scale-out may have brief delays"
| | Cost | Duration-heavy spend at scale | Low or sporadic invocations | | ||
| | Cold starts | Unacceptable (LMI has zero) | Tolerable or mitigated by SnapStart | | ||
| | Compute | Latest CPUs, specific families, high network BW | Standard Lambda memory/CPU sufficient | | ||
| | Compliance | Single-tenant required, VPC control | Multi-tenant Firecracker acceptable | |
There was a problem hiding this comment.
I'm not sure what you are trying to describe here
There was a problem hiding this comment.
Reframed as "Isolation", "Dedicated EC2 instances in your account, full VPC control" vs "Shared Firecracker micro-VMs acceptable"
| | Lambda on-demand | Low volume, bursty traffic | | ||
| | Lambda + Savings Plan | Moderate steady volume (~17% duration discount) | | ||
| | LMI on-demand | High volume, steady traffic | | ||
| | LMI + 3yr Savings Plan | High volume + commitment (up to 72% EC2 discount) | |
There was a problem hiding this comment.
This requires forecasting with a high degree of certainty. Do we need to talk about financial constructs here?
There was a problem hiding this comment.
Simplified, removed SP/RI from the main comparison table, now defers to AWS Pricing Calculator for discount analysis
|
|
||
| ### Step 5: Set Up Infrastructure | ||
|
|
||
| Two IAM roles required (execution + operator). VPC with 3+ AZ subnets. Create capacity provider, attach function, publish version. |
There was a problem hiding this comment.
This should be structured as a list/procedure
There was a problem hiding this comment.
Converted to 5-step numbered procedure
|
|
||
| ### Step 6: Validate and Cut Over | ||
|
|
||
| 1. Test locally with LocalStack (supports LMI emulation) |
There was a problem hiding this comment.
What about their recent licensing changes? Does this affect our guidance here?
There was a problem hiding this comment.
Removed LocalStack reference entirely, now says "Deploy to a non-production environment first"
|
|
||
| ### Regional Availability | ||
|
|
||
| us-east-1, us-east-2, us-west-2, ap-northeast-1, eu-west-1 |
There was a problem hiding this comment.
Can we instead refer to the docs or builder central to avoid keeping it in sync
There was a problem hiding this comment.
Replaced with link to Lambda Managed Instances docs
| aws iam create-role --role-name LMIExecutionRole \ | ||
| --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"},"Action":"sts:AssumeRole"}]}' | ||
| aws iam attach-role-policy --role-name LMIExecutionRole \ | ||
| --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole |
There was a problem hiding this comment.
The managed roles are pretty broad (using wildcards), can we instead list the minimal permissions necessary? Or somehow surface that least-privilege needs to be applied after testing?
There was a problem hiding this comment.
Replaced with least-privilege permissions using ec2:ManagedResourceOperator condition (sourced from aws-samples repo)
| - Function invocations bypass VPC (routed through Lambda service) | ||
| - Recommended VPC endpoints: CloudWatch Logs, X-Ray, S3, DynamoDB, SQS | ||
|
|
||
| ## CLI Workflow |
There was a problem hiding this comment.
Extract this into a bash script
There was a problem hiding this comment.
Created scripts/setup-lmi.sh with parameterized setup
…model - Fix Python concurrency model: process-based isolation, no thread safety needed - Clarify cold starts claim (provisioned capacity only) - Replace hardcoded regional availability with docs link - Replace LocalStack reference with generic non-prod testing - Convert Step 5 to numbered procedure - Simplify cost comparison (defer SP/RI to pricing calculator) - Use least-privilege IAM with ec2:ManagedResourceOperator condition - Add setup-lmi.sh script for automated provisioning - Add VPC endpoint requirements table with costs - Add Powertools compatibility and SDK minimum versions - Add CloudWatch metrics dimensions guidance - Add pricing calculator, samples repo, and migration blog to resources
leandrodamascena
left a comment
leandrodamascena
left a comment
There was a problem hiding this comment.
Hey @sbbhimji, nice work on this, the skill is well structured and the content is technically accurate. Left 2 small comments to address before merging.
| | Python | Powertools for AWS Lambda (Python) | 3.23.0 | | ||
| | TypeScript | Powertools for AWS Lambda (TypeScript) | 2.29.0 | | ||
| | Java | Powertools for AWS Lambda (Java) | 2.8.0 | | ||
| | .NET | Powertools for AWS Lambda (.NET) | Not yet supported | |
There was a problem hiding this comment.
Powertools dotnet already support LMI.
- #1078 (feat(logging): implement thread-safe logging with per-thread scope storage aws-powertools/powertools-lambda-dotnet#1078) — thread-safe logging with per-thread scope storage
- #1076 (Feature request: Logger LMI support aws-powertools/powertools-lambda-dotnet#1076) — Logger LMI support (closed)
- #1081 (Feature request: Tracing LMI support aws-powertools/powertools-lambda-dotnet#1081) — Tracing LMI support (closed)
- #1083 (Feature request: Idempotency LMI support aws-powertools/powertools-lambda-dotnet#1083) — Idempotency LMI support (closed)
- #1095 (Feature request: Batch LMI support aws-powertools/powertools-lambda-dotnet#1095) — Batch LMI support (closed)
- #1097 (Feature request: Parameters LMI support aws-powertools/powertools-lambda-dotnet#1097) — Parameters LMI support (closed)
I'll fix the Lambda doc on our side to reflect this.
There was a problem hiding this comment.
Thanks Leandro! Updated — removed the "not yet supported" note from .NET guidance and updated the Powertools compatibility table to reflect full support (logging, tracing, idempotency, batch, parameters).
|
|
||
| | Scenario | Monthly | Annual | Savings | | ||
| |----------|---------|--------|---------| | ||
| | Lambda on-demand | $484 | $5,808 | baseline | |
There was a problem hiding this comment.
I'd either remove the specific dollar amounts and point to the pricing calculator, or at minimum add a note with the assumptions (region, instance type, request volume) and a "last verified" date so people know when to re-check.
There was a problem hiding this comment.
Good call. Removed the hardcoded dollar amounts and replaced with guidance to use the LMI Pricing Calculator for accurate, workload-specific comparisons.
…d cost example - Update Powertools .NET to supported (logging, tracing, idempotency, batch, parameters) - Remove hardcoded cost example, defer to LMI Pricing Calculator
Summary
Adds a new skill to help users evaluate, configure, and migrate workloads to AWS Lambda Managed Instances (LMI) — the
recently launched feature that runs Lambda functions on dedicated EC2 instances with AWS managing the lifecycle.
What's included
SKILL.md (205 lines) — core workflow with 6 steps:
6 reference files (42-96 lines each):
cost-comparison.md— pricing formulas, discount comparison, worked example, break-even guidanceconfiguration-guide.md— instance type decision tree, memory sizing from existing Lambda/EC2, concurrency tuning,scaling controls
thread-safety.md— code review checklist, runtime-specific guidance (Node.js, Python, Java, .NET), commonanti-patterns
migration-patterns.md— before/after code examples per runtime (global state, file I/O, database connections)infrastructure-setup.md— IAM roles, VPC requirements, CLI workflow, SAM templatetroubleshooting.md— common issues, debugging steps for startup/performance/costPlugin registration:
managed-instancesandlmikeywords toplugin.jsonaws-serverlesssectionaws-lambda/SKILL.md(Key Capabilities + When to Load Reference Files)Design decisions
Compute Savings Plans covering Lambda duration
this is the feat: initial branch #1 source of production issues when adopting LMI
progressive disclosure, explicit defaults, error handling
Test plan
claude --plugin-dir ./plugins/aws-serverlessaws-lambdaskill routes to LMI skillclaude --plugin-dir ./plugins/aws-serverless --verboseto verify < 5000 token initial loadBy submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.