Lambda MicroVM CDK Constructs
AppTheory’s MicroVM CDK surface is the deployment side of the corrective M16 MicroVM contract. The v1.14.0 / M15
foundation should not be cited as complete live MicroVM support; new controller docs, examples, and conformance proof use
m16.microvm/v1 and the real operation vocabulary.
Use these constructs together:
AppTheoryMicrovmNetworkConnectoror typed connector references for caller-owned and AWS-managed connector wiring;AppTheoryMicrovmImagefor theAWS::Lambda::MicrovmImageresource and hook configuration;AppTheoryMicrovmControllerfor protected real controller routes, the controller Lambda, IAM grants, fail-closed environment wiring, token-hidden workload invocation, and the durable session registry table.
This is the single AppTheory deployment path for MicroVM applications. Do not drop to raw CDK resources or raw AWS SDK calls to bypass controller auth, lifecycle validation, registry shape, token safety, or network-boundary requirements.
Construct sequence
- Import or pass the caller-owned
ec2.IVpc, selected subnets, and explicit security groups for any VPC egress connector AppTheory creates. - Create
AppTheoryMicrovmNetworkConnectorfor VPC egress, or pass explicitly typed imported/AWS-managed connector references with the correct connector kind. - Create
AppTheoryMicrovmImagewith a caller-provided base image, build role, artifact URI, hook configuration, logging posture, resources, and egress connector references. - Create
AppTheoryMicrovmControllerwith controller Lambda packaging, a Lambda request authorizer, the image reference, explicit ingress connector references, explicit egress connector references, an explicit shell-ingress connector reference, and optional session-table settings. - Implement the controller Lambda with AppTheory MicroVM runtime/controller primitives and the session registry table
name from
APPTHEORY_MICROVM_SESSION_REGISTRY_TABLE. - Use
examples/microvm-conformancefor consumer proof. Local dry-run proves harness readiness only; live proof requires a consumer-provided EqualToAI/Host lab deployment and configuration.
The runnable reference stack lives at examples/cdk/microvm-controller. It demonstrates construct wiring,
endpoint-dispatched no-hook image builds, and Go/TypeScript/Python workload invocation through the AppTheory controller.
Synthesis does not perform live AWS lookups; deployment requires a bootstrapped account in a region where Lambda
MicroVMs are available.
Network connector boundary
AppTheoryMicrovmNetworkConnector creates VPC egress connectors from explicit caller-owned network context:
| Prop | Required | Notes |
|---|---|---|
vpc |
yes | Caller-provided ec2.IVpc. AppTheory does not synthesize or look up a VPC for you. |
subnets |
yes | One to sixteen caller-provided subnets. |
securityGroups |
yes | One to five caller-provided security groups. No default-security-group fallback. |
networkProtocol |
no | Defaults to AppTheoryMicrovmNetworkProtocol.IPV4; DUAL_STACK is explicit. |
operatorRole |
no | Existing role Lambda can assume to manage connector ENIs. |
operatorRoleName |
no | Used only when AppTheory creates the operator role; cannot be combined with operatorRole. |
The same CDK surface exposes typed imported/AWS-managed connector references:
| Helper | Connector kind | Use |
|---|---|---|
fromNetworkConnectorArn(..., kind) |
caller-supplied | Import a connector while preserving the ingress/egress/shell kind. |
allIngress(...) |
ingress | AWS-managed all-ingress connector reference. |
noIngress(...) |
ingress | AWS-managed no-ingress connector reference. |
internetEgress(...) |
egress | AWS-managed internet-egress connector reference. |
shellIngress(...) |
shell-ingress | AWS-managed shell-ingress connector required for shell auth-token support. |
When AppTheory creates an egress connector, it scopes the ENI policy to the supplied subnet and security-group IDs. The
construct creates the AWS::Lambda::NetworkConnector resource but does not vend accounts, mutate unrelated networks, or
invent hidden connectors.
Image resource and hooks
AppTheoryMicrovmImage creates the AWS::Lambda::MicrovmImage resource from caller-provided inputs:
| Prop | Required | Notes |
|---|---|---|
name, description |
yes | Image name and version description. |
baseImageArn, baseImageVersion |
yes | Caller-selected base image reference. |
buildRoleArn |
yes | Caller-provided IAM build role ARN. |
codeArtifact.uri |
yes | Artifact URI, such as an S3 path or ECR image URI. |
egressNetworkConnectors |
yes | One to ten egress connector references. |
hooks |
yes | Hook configuration object. Use {} for endpoint-dispatched no-hook images. |
logging |
yes | Exactly one of CloudWatch logging or disabled: true. |
resources |
yes | Exactly one resource entry; minimumMemoryInMiB is required. |
additionalOsCapabilities |
no | Defaults to [ALL]. |
cpuConfigurations |
no | Defaults to ARM64; AppTheory does not broaden this into arbitrary architectures. |
For the AppTheory endpoint-dispatched workload path, pass hooks: {}. AppTheory then synthesizes Hooks: {} so AWS
builds the image without AWS-invoked lifecycle hooks; runtime HTTP traffic is delivered through the MicroVM endpoint and
proxied by the controller invoke route.
When AWS hook integration is intentionally configured, hook fields on the image construct are:
hooks.microvmImageHooks.readyandhooks.microvmImageHooks.validatefor image-build hooks;hooks.microvmHooks.resume,run,suspend, andterminatefor runtime MicroVM hooks;- timeout fields alongside each hook when the AWS resource should enforce a hook timeout.
Application lifecycle behavior still belongs to AppTheory runtime lifecycle adapters. The image construct is not a raw lifecycle hook bypass, and hook configuration is not the workload HTTP access path.
Controller deployment
AppTheoryMicrovmController provisions:
- an HTTP API v2 API and stage;
- a controller Lambda created from caller-supplied
lambda.FunctionProps; - a Lambda request authorizer attached to every controller route;
- the durable TableTheory-shaped DynamoDB session table;
- IAM grants for the constrained Lambda MicroVM control-plane actions,
ListMicrovms, permission-onlyPassNetworkConnector, the supplied MicroVM image, supplied network connector references, and optional execution-role pass-through; - fail-closed environment wiring for the controller Lambda.
Required props:
| Prop | Required | Notes |
|---|---|---|
controller |
yes | Lambda packaging/configuration. Handler code must use AppTheory MicroVM runtime/controller primitives. |
authorizer |
yes | Lambda request authorizer. Omission fails closed; unauthenticated routes are not synthesized. |
microvmImage |
yes | IAppTheoryMicrovmImage reference the controller may run. |
ingressNetworkConnectors |
yes | Ingress connector references the controller may pass to Lambda MicroVMs. |
egressNetworkConnectors |
yes | Egress connector references the controller may pass to Lambda MicroVMs. |
shellIngressNetworkConnector |
yes | Shell-ingress connector required for shell-auth-token support. |
Controller routes are fixed:
| Method | Path | Operation |
|---|---|---|
POST |
/microvms |
run |
GET |
/microvms |
list |
GET |
/microvms/{session_id} |
get |
POST |
/microvms/{session_id}/suspend |
suspend |
POST |
/microvms/{session_id}/resume |
resume |
DELETE |
/microvms/{session_id} |
terminate |
ANY |
/microvms/{session_id}/invoke |
invoke |
ANY |
/microvms/{session_id}/invoke/{proxy+} |
invoke |
POST |
/microvms/{session_id}/auth-token |
auth-token |
POST |
/microvms/{session_id}/shell-auth-token |
shell-auth-token |
The invoke routes are the single AppTheory path for ordinary workload HTTP access. Callers use the same controller
authorizer plus tenant and namespace headers, optionally pass X-AppTheory-MicroVM-Port (the example workloads use
8080), and receive the workload’s sanitized HTTP response. The controller mints the provider auth token internally and
does not expose X-aws-proxy-auth, provider bearer credentials, raw AWS SDK clients, or plaintext tokens to callers.
shell-auth-token is canonical. Runtime route helpers may accept shell-token as a compatibility alias, but the CDK
construct and conformance harness do not use it as a canonical route.
The construct sets these controller environment variables:
| Variable | Meaning |
|---|---|
APPTHEORY_MICROVM_CONTRACT_NAME |
apptheory.lambda_microvm |
APPTHEORY_MICROVM_CONTRACT_VERSION |
m16.microvm/v1 |
APPTHEORY_MICROVM_CONTROLLER_ENDPOINT |
Synthesized /microvms base endpoint. |
APPTHEORY_MICROVM_CONTROLLER_OPERATIONS |
Comma-separated canonical operations, including invoke. |
APPTHEORY_MICROVM_CONTROLLER_ROUTES |
Comma-separated canonical method/path pairs, including root/proxy invoke routes. |
APPTHEORY_MICROVM_CONTROLLER_AUTH_REQUIRED |
Always true. |
APPTHEORY_MICROVM_CONTROLLER_AUTH_DEFAULT |
Always deny. |
APPTHEORY_MICROVM_SESSION_REGISTRY_TABLE |
Durable session table name. |
APPTHEORY_MICROVM_IMAGE_REF |
Permitted MicroVM image ARN/reference. |
APPTHEORY_MICROVM_NETWORK_CONNECTOR_REFS |
Compatibility egress connector reference list. |
APPTHEORY_MICROVM_INGRESS_NETWORK_CONNECTOR_REFS |
Permitted ingress connector references. |
APPTHEORY_MICROVM_EGRESS_NETWORK_CONNECTOR_REFS |
Permitted egress connector references. |
APPTHEORY_MICROVM_SHELL_INGRESS_NETWORK_CONNECTOR_REF |
Required shell-ingress connector reference. |
APPTHEORY_MICROVM_EXECUTION_ROLE_ARN |
Present only when an execution role is supplied; the real runtime controller reads it and passes it to provider RunMicrovm as the MicroVM execution role. |
Reserved environment variables cannot be overridden through controller.environment.
When executionRole is supplied, controller handlers should stay on the AppTheory MicroVM golden path: construct the
real controller through NewRealController / createRealMicroVMController / create_real_microvm_controller and use the
official provider adapter. Those controllers consume APPTHEORY_MICROVM_EXECUTION_ROLE_ARN automatically. Do not accept
caller-provided role ARNs over the HTTP route and do not fork the AWS SDK provider only to set ExecutionRoleArn.
Session table shape
The controller-created table is the canonical durable session registry:
- partition key:
pk(STRING); - sort key:
sk(STRING); - TTL attribute:
ttl; - default billing:
PAY_PER_REQUEST; - default removal policy:
RETAIN; - point-in-time recovery enabled by default;
- AWS-managed encryption by default, with customer-managed KMS supported only when a key is supplied.
Records use the TableTheory/DynamoDB key shape:
| Field | Canonical value |
|---|---|
pk |
TENANT#<tenant_id>#NAMESPACE#<namespace> |
sk |
SESSION#<session_id> |
ttl |
Unix expiry derived from expires_at |
Controller/session handlers must use this registry table rather than route-local memory, ad-hoc tables, or raw SDK storage. The durable record is tenant-bound and includes session state, desired state, image/network refs, provider binding, AWS lifecycle state, controller ID, creation/update/expiry fields, generation/version fields, last command metadata, auth subject, token metadata, and optional safe metadata.
Authentication posture
Controller routes are protected and fail closed by default. A production authorizer must bind the caller to the tenant, namespace, subject, and entitlements expected by the controller envelope. The example’s demo token authorizer is only a synth-time shape example; it is not production auth proof.
The authorizer result cache defaults to Duration.seconds(0). Increase it only when your tenant-bound authorization
model can tolerate cached decisions.
Evidence boundary and non-goals
The CDK docs and examples demonstrate repo-local wiring for the AppTheory construct surface. The reference example has
been live-smoked in us-east-1 with Go, TypeScript, and Python workloads through the AppTheory invoke route. That does
not prove EqualToAI/Host application behavior, customer workload readiness, arbitrary cloud mutation, account vending,
VPC creation, or that unauthenticated controllers are acceptable.
AppTheory intentionally does not add:
- raw AWS SDK escape hatches;
- raw lifecycle hook bypasses;
- unauthenticated controller defaults;
- hidden account, VPC, subnet, security-group, or network connector mutation;
- a deployment path outside AppTheory CDK constructs;
- release-train execution or immutable GitHub Release creation.
Validation
For this docs surface, ordinary repository validation is:
make test
When changing runtime-visible behavior or exported API, also run the contract and snapshot gates described in Contract Fixtures. When changing MicroVM conformance coverage, run:
./scripts/verify-microvm-conformance-harness.sh