New serverless pattern - lambda-microvm-dta #3184

Open
riita10069 wants to merge 5 commits into aws-samples:main from riita10069:riita10069-feature-lambda-microvm-dta

@riita10069

New serverless pattern: lambda-microvm-dta

A CI/CD dynamic threat analysis (DTA) gate built on AWS Lambda MicroVMs. It runs an untrusted artifact inside an isolated MicroVM and decides pass/fail based on how the artifact behaves at runtime — not on what it claims about itself.

How it works

  • A MicroVM image carries a small sandbox supervisor. For each analysis the orchestrator runs a fresh MicroVM, the supervisor launches the target as a child process (argv only, never a shell), and a set of collectors observe it entirely from the outside.
  • Collectors: process tree (/proc), filesystem before/after diff, canary files/env vars, syscalls (strace -ff, ptrace/user-space), and network (/proc/net).
  • A small, explainable rule engine turns observed events into a deterministic verdict (clean / suspicious / policy_violation / unknown / error) and a machine-readable report.json. There is no malware verdict — it is a CI gate, not a classifier.
  • The MicroVM is always terminated, even on failure.

Design notes

  • The target never reports on itself — every conclusion is an external observation.
  • Safe by default: benign, canary-based scenarios (no real malware/exploits/secrets). AWS mode is double-gated (DTA_ALLOW_AWS_MODE=true and --confirm-sandbox-account).
  • Honest support boundary: Tracee/Falco/custom eBPF/packet capture are explicitly out of scope for this version (they need kernel feature probes this sample does not perform).

Contents

  • main.tf / variables.tf / outputs.tf / versions.tf / vpc_egress.tf — Terraform for the artifact S3 bucket and least-privilege build/execution IAM roles (optional GitHub OIDC role and VPC egress are off by default).
  • src/microvm/ — the in-MicroVM supervisor, collectors, and rule engine.
  • src/orchestrator/ — the microvm-dta CLI (package / build-image / run / start-analysis / fetch-results / dry-run / cleanup).
  • src/examples/targets/ — benign and behavior-demonstrating target configs.

Testing performed

  • End-to-end on GA Lambda MicroVMs: terraform apply → build image → run MicroVM → start-analysis → fetch-results → cleanup → terraform destroy. A benign target returns passed / clean; a /bin/sh-spawning target is flagged suspicious (rule R004) once strace observes the execve.
  • Local dry-run (no AWS account) for the full supervisor pipeline.

A separate Serverless Land pattern-submission issue will be filed per PUBLISHING.md.

By submitting this pull request, I confirm that my contribution is made under the terms of the MIT-0 license.
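
The observe-then-decide flow described above, as an added example that is not code from this pull request: it parses strace execve lines and applies a rule modelled on the R004 shell-spawn case. The shell list, the skip-first-execve convention, the sample lines, and the function names are assumptions.

```python
import json
import re

# An strace execve line, optionally prefixed with "[pid N]": path and return value.
EXECVE_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?execve\("(?P<path>[^"]+)",.*\)\s+=\s+(?P<ret>-?\d+)'
)
# Assumption: paths treated as shells by this illustrative version of rule R004.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/sh", "/usr/bin/bash"}

# Constructed strace output, not captured from a real run.
BENIGN = [
    'execve("/usr/bin/python3", ["python3", "build.py"], 0x7ffc0 /* 9 vars */) = 0',
    'openat(AT_FDCWD, "/tmp/out.txt", O_WRONLY|O_CREAT, 0644) = 3',
]
SPAWNS_SHELL = BENIGN + [
    'execve("/bin/bash", ["bash"], 0x7ffc0 /* 9 vars */) = -1 ENOENT (No such file or directory)',
    '[pid 41] execve("/bin/sh", ["sh", "-c", "id"], 0x7ffc0 /* 9 vars */) = 0',
]


def parse_execve(lines):
    """Return the paths of successful execve calls, in observed order."""
    paths = []
    for line in lines:
        m = EXECVE_RE.match(line.strip())
        if m and int(m.group("ret")) == 0:  # failed attempts never ran anything
            paths.append(m.group("path"))
    return paths


def evaluate(strace_lines, collector_ok=True):
    """Turn observed execve events into a verdict plus findings."""
    if not collector_ok:
        # Missing observations must not be reported as clean behaviour.
        return {"verdict": "unknown", "findings": []}
    execs = parse_execve(strace_lines)
    # Assumption: the first execve is the supervisor launching the target itself.
    findings = [{"rule": "R004", "path": p} for p in execs[1:] if p in SHELLS]
    return {"verdict": "suspicious" if findings else "clean", "findings": findings}


if __name__ == "__main__":
    print(json.dumps(evaluate(SPAWNS_SHELL), indent=2))
```

The failed `/bin/bash` attempt is ignored because it returned -1, and a collector failure yields `unknown` rather than `clean`.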

riita10069 and others added 2 commits June 24, 2026 11:57
CI/CD dynamic threat analysis in AWS Lambda MicroVMs: a sandbox supervisor runs
an untrusted target inside an isolated MicroVM and observes it from outside
(process/filesystem/canary/strace/network collectors); a simple rule engine
produces a deterministic CI verdict. Infra is Terraform (artifact bucket +
least-privilege build/execution IAM roles using verified lambda:* actions);
optional GitHub OIDC role and VPC egress are off by default. Benign,
canary-only defaults; never classifies malware. MIT-0.
@riita10069

Author

@bfreiberg Hello, I'm Ryota. I am mentioning you as Rohan Mehta told me to on the Slack channel.

@ellisms ellisms left a comment

Contributor

Hi @riita10069, thanks for the submission. Requesting a few minor changes. Note the jq error I encountered - it seems the command outputs more than just the JSON response.

Comment thread lambda-microvm-dta/README.md Outdated

This pattern runs an **untrusted artifact** inside an isolated AWS Lambda MicroVM and decides whether to pass or fail a CI/CD pipeline based on **how the artifact actually behaves** — not on what it claims about itself. A sandbox supervisor launches the artifact and a set of collectors observe it from the outside; a small rule engine turns those observations into a deterministic verdict.

Learn more about this pattern at Serverless Land Patterns: << Add the live URL here >>

Comment thread lambda-microvm-dta/src/microvm/Dockerfile Outdated
Comment thread lambda-microvm-dta/src/microvm/Dockerfile Outdated

```bash
# Start a MicroVM (lifecycle only) and capture its id
MVM=$(microvm-dta --region <REGION> run --confirm-sandbox-account \
```

Contributor

This command fails on the jq step with:

```
jq: parse error: Invalid numeric literal at line 1, column 8
```

My MVM variable contains:

```
microvm state=PENDING
microvm state=RUNNING
{
  "endpoint": "b8cf8297-f47b-b2d3-a852-b0d1bcea5af1.lambda-microvm.us-east-1.on.aws",
  "microvmId": "microvm-ff660258-d884-3bfc-b379-035c4770a5cc"
}
```

riita10069 and others added 3 commits June 28, 2026 16:58
Co-authored-by: ellisms <114107920+ellisms@users.noreply.github.com>
Co-authored-by: ellisms <114107920+ellisms@users.noreply.github.com>
- README: set the Serverless Land pattern URL
- Dockerfile: remove duplicated header comment lines
- cli.py: send 'run'/'wait-image' progress lines to stderr so the
  documented '... run ... | jq -r .microvmId' parses cleanly (stdout
  now carries only the JSON response)
@riita10069

Author

Thanks for the review @ellisms! Addressed all the comments:

  1. README:5 — set the Serverless Land URL to https://serverlessland.com/patterns/lambda-microvm-dta.
  2. Dockerfile:3-4 — removed the duplicated header comment lines (applied your suggestions).
  3. jq parse error — root cause was the run/wait-image progress lines (microvm state=..., image state=...) being printed to stdout alongside the JSON, so | jq choked on them. I moved those progress lines to stderr; stdout now carries only the JSON response, so the documented ... run ... | jq -r .microvmId parses cleanly. The progress messages are still visible on the terminal.

Pushed as a91bb33.
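
The stdout/stderr split discussed in this thread, as an added example that is not the project's cli.py: it emits the same kind of progress lines either mixed into stdout or on stderr, then parses stdout the way a JSON consumer such as jq would. The function names and the placeholder response values are assumptions.

```python
import io
import json


def run_command(out, err, progress_to_stdout):
    """Emit progress lines and a JSON response the way a CLI 'run' step would."""
    progress = out if progress_to_stdout else err
    for state in ("PENDING", "RUNNING"):
        print(f"microvm state={state}", file=progress)
    # Constructed response; the values are placeholders, not a real MicroVM.
    json.dump({"endpoint": "example.invalid", "microvmId": "microvm-EXAMPLE"}, out)
    out.write("\n")


def microvm_id_from_stdout(progress_to_stdout):
    """Return the id a JSON consumer would extract from stdout, or None."""
    out, err = io.StringIO(), io.StringIO()
    run_command(out, err, progress_to_stdout)
    try:
        return json.loads(out.getvalue())["microvmId"]
    except json.JSONDecodeError:
        # A pipeline step should treat unparseable output as a failure,
        # never as an empty or default id.
        return None


if __name__ == "__main__":
    print("mixed stdout  ->", microvm_id_from_stdout(True))
    print("stderr split  ->", microvm_id_from_stdout(False))
```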
