AWS Adds support for nested virtualization

2026-02-13 0:07 304118



aws-sdk-go-v2 is the v2 AWS SDK for the Go programming language.

The v2 SDK requires a minimum version of Go 1.23.

Check out the release notes for information about the latest bug fixes, updates, and features added to the SDK.


For information about maintenance and support for SDK major versions and their underlying dependencies, see the following in the AWS SDKs and Tools Shared Configuration and Credentials Reference Guide:

The v2 SDK follows the upstream release policy with an additional six months of support for the most recently deprecated language version.

AWS reserves the right to drop support for unsupported Go versions earlier to address critical security issues.

To get started working with the SDK, set up your project for Go modules and retrieve the SDK dependencies with go get. This example shows how you can use the v2 SDK to make an API request using the SDK's Amazon DynamoDB client.

$ mkdir ~/helloaws
$ cd ~/helloaws
$ go mod init helloaws
$ go get github.com/aws/aws-sdk-go-v2/aws
$ go get github.com/aws/aws-sdk-go-v2/config
$ go get github.com/aws/aws-sdk-go-v2/service/dynamodb

In your preferred editor, add the following content to main.go:

package main

import (
    "context"
    "fmt"
    "log"

    "github.com/aws/aws-sdk-go-v2/aws"
    "github.com/aws/aws-sdk-go-v2/config"
    "github.com/aws/aws-sdk-go-v2/service/dynamodb"
)

func main() {
    // Using the SDK's default configuration, load additional config
    // and credentials values from the environment variables, shared
    // credentials, and shared configuration files
    cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("us-west-2"))
    if err != nil {
        log.Fatalf("unable to load SDK config, %v", err)
    }

    // Using the Config value, create the DynamoDB client
    svc := dynamodb.NewFromConfig(cfg)

    // Build the request with its input parameters
    resp, err := svc.ListTables(context.TODO(), &dynamodb.ListTablesInput{
        Limit: aws.Int32(5),
    })
    if err != nil {
        log.Fatalf("failed to list tables, %v", err)
    }

    fmt.Println("Tables:")
    for _, tableName := range resp.TableNames {
        fmt.Println(tableName)
    }
}

$ go run .
Tables:
tableOne
tableTwo

Please use these community resources for getting help. We use the GitHub issues for tracking bugs and feature requests.

This SDK implements AWS service APIs. For general issues regarding the AWS services and their limitations, you may also take a look at the Amazon Web Services Discussion Forums.

If you encounter a bug with the AWS SDK for Go we would like to hear about it. Search the existing issues and see if others are also experiencing the same issue before opening a new issue. Please include the version of AWS SDK for Go, Go language, and OS you’re using. Please also include a reproduction case when appropriate.

The GitHub issues are intended for bug reports and feature requests. For help and questions with using AWS SDK for Go please make use of the resources listed in the Getting Help section. Keeping the list of open issues lean will help us respond in a timely manner.

The v2 SDK will use GitHub Issues to track feature requests and issues with the SDK. In addition, we'll use GitHub Projects to track large tasks spanning multiple pull requests, such as refactoring the SDK's internal request lifecycle. You can provide feedback to us in several ways.

GitHub issues. To provide feedback or report bugs, file GitHub Issues on the SDK. This is the preferred mechanism to give feedback so that other users can engage in the conversation, +1 issues, etc. Issues you open will be evaluated, and included in our roadmap for the GA launch.

Contributing. You can open pull requests for fixes or additions to the AWS SDK for Go 2.0. All pull requests must be submitted under the Apache 2.0 license and will be reviewed by an SDK team member before being merged in. Accompanying unit tests, where possible, are appreciated.

SDK Developer Guide - Use this document to learn how to get started and use the AWS SDK for Go V2.

SDK Migration Guide - Use this document to learn how to migrate to V2 from the AWS SDK for Go.

SDK API Reference Documentation - Use this document to look up all API operation input and output parameters for AWS services supported by the SDK. The API reference also includes documentation of the SDK, and examples of how to use the SDK, service client API operations, and API operation required parameters.

Service Documentation - Use this documentation to learn how to interface with AWS services. These guides are great for getting started with a service, or when looking for more information about a service. While this document is not required for coding, services may supply helpful samples to look out for.

Issues - Report issues, submit pull requests, and get involved (see Apache 2.0 License)



Comments

  • By boulos 2026-02-13 2:19

    I feel vindicated :). We put in a lot of effort with great customers to get nested virtualization running well on GCE years ago, and I'm glad to hear AWS is coming around.

    You can tell people to just do something else, there's probably a separate natural solution, etc. but sometimes you're willing to sacrifice some peak performance just to have that uniformity of operations and control.

  • By alexellisuk 2026-02-13 8:09, 2 replies

    This is great news for folks that use microVMs - "we only use AWS" has been an issue for our stuff (slicer services/sandboxes/actuated self-hosted GitHub runners)

    If anyone here can't wait (as it looks like there's very little info on this at the moment..)

    I wrote up detailed instructions for Ant Group's KVM-PVM patches. Performance is OK for background servers/tasks, but does take a hit up to 50% on complex builds like Kernels or Go with the K8s client.

    DIY/detailed option:

    https://blog.alexellis.io/how-to-run-firecracker-without-kvm...

    Fully working, pre-built host and guest kernel and rootfs:

    https://docs.slicervm.com/tasks/pvm/

    I'll definitely be testing this and comparing as soon as it's available. Hopefully it'll be accelerated somewhat compared to the PVM approach. There's still no sign whether those patches will ever end up merged upstream in the Linux Kernel. If you know differently, I'd appreciate a link.

    Azure, OCI, DigitalOcean, GCE all support nested virt as an option and do all take a bit of a hit, but it makes for very easy testing / exploration. Bare-metal on Hetzner now has a setup fee of up to 350 EUR.. you can find some stuff with 0 setup fee, but it's usually quite old kit.

    Edit: this doesn't look quite as good as the headline.. Options for instances look a bit limited. Someone found some more info here: https://x.com/nanovms/status/2022141660143165598/photo/1

    • By indigodaddy 2026-02-13 18:59

      Why would we need PVM if AWS now supports nested virt?

    • By PunchyHamster 2026-02-13 8:34, 2 replies

      > Bare-metal on Hetzner now has a setup fee of up to 350 EUR.. you can find some stuff with 0 setup fee, but it's usually quite old kit.

      I don't understand what you are paying for here, nested virtualization doesn't need any extra setup for hardware compared to normal one

      ... or you are saying Hetzner wants 350 EUR for turning on normal virtualization option in BIOS ?

      • By krab 2026-02-13 8:40, 2 replies

        Hetzner charges a fee for setting up your bare-metal machine. Often zero for their smaller machines and for those in auction. Probably they don't want someone to order a large fleet of machines for one month and then cancel. They might not get another customer for those machines soon.

          • By krab 2026-02-13 13:16

            Good context. They're commenting only on why are they increasing some setup fees though, not justifying their existence. The Hetzner setup fees were in place already before the RAM price hike.

        • By PunchyHamster 2026-02-13 23:09

          ...but servers come with virtualization on by default for like... at least a decade if not more

          So they literally want money to fix what they fucked up the first time

      • By alexellisuk 2026-02-13 13:03, 3 replies

        They used to charge a fair admin fee like 30-70 EUR for most bare-metal hosts.. now it's 99 EUR for the most basic/cheapest option.. up to 350 EUR for something modest like a 16 Core Ryzen.. monthly fees haven't changed much.

        https://www.hetzner.com/dedicated-rootserver/matrix-ex/ https://www.hetzner.com/dedicated-rootserver/matrix-ax/

        • By sidewndr46 2026-02-13 13:31, 1 reply

          I've never used Hetzner because their terms of service didn't make any sense to me, but a 350 EUR fee for each setup? That almost seems like they don't want business. Every bare metal host I've used had a management interface I could submit a job to in order to reprovision my host at any time. Some even offer a recovery console through this. It takes 1-10 minutes but I'm assuming it was out of band management based, not human interaction.

          Worst case I ever had a hard drive failed and I had to wait I think a week for OVH to physically replace it.

          • By lelandbatey 2026-02-13 15:09, 1 reply

            Hetzner offers uniquely cheap dedicated hosting, even beating OVH. Per their statement about the fees, they're having to do this because without the setup fees, recent hardware price increases would otherwise raise the price of acquiring new hardware so high that they would essentially never make a profit on the hardware they would have to buy for new orders. They're also saying that their overall prices are going to have to increase if the hardware prices don't change soon. Thus they are charging more for setup while keeping their monthly prices low, or at least trying to for now: https://www.hetzner.com/pressroom/statement-setup-fees-adjus...

            • By sidewndr46 2026-02-13 19:00, 1 reply

              That seems counter to a "pay as you go" or "pay what you use for" model. I'd rather have sky high monthly fees, so that I don't have a sunk cost.

              • By drizmans 2026-02-14 11:24

                Bare metal has never been a pay as you go model, it's so much cheaper you usually over provision by a factor of 10-100, and still spend less than you would on the cloud if you have moderate needs. You are trading ops tax for money tax.

        • By LunaSea 2026-02-13 15:18

          You'll still pay 10x less than any of the cloud platforms.

        • By PunchyHamster 2026-02-13 23:10

          Feels weird to roll it into setup fee vs monthly price

  • By anurag 2026-02-13 1:05, 5 replies

    This is a big deal because you can now run Firecracker/other microVMs in an AWS VM instead of expensive AWS bare-metal instances.

    GCP has had nested virtualization for a while.

    • By direwolf20 2026-02-13 7:41, 1 reply

      You can use an expensive AWS VM instead of an expensive AWS bare–metal image. Does anyone realise how expensive AWS is, even in the best case?

      • By PunchyHamster 2026-02-13 8:41, 4 replies

        It is expensive. But the point where it stops being expensive is far above most companies' use case. If you're paying less than a developer's salary for hosting you most likely won't see all that many benefits from moving.

        Renting a server from cheaper hosting providers can be massive savings but you now need to re-invent all of the AWS APIs you use or might use and it's big CAPEX time investment. And any new feature you need, whether that's queue, mail gateway or thousand other APIs need to be deployed and managed first before you can even start testing.

        It's less work now than it was before just due to amount of tools there are to automate it but it's still more work that you could be spending on improving your product.

        • By re-thc 2026-02-13 9:05, 1 reply

          > but you now need to re-invent all of the AWS APIs you use or might use and it's big CAPEX time investment

          Or maybe you just never needed most of these in the first place. People got into this "AWS" mentality like it is the only way to do things. Everything had to be in a queue, event driven etc.

          I'd argue not using AWS means simplifying things and it'll be less expensive not just in server cost but developer time.

          • By stoneforger 2026-02-13 10:49, 2 replies

            You don't get how this works. You buy in AWS because everyone else is, so it's expected. It diffuses risk to your stock options. This also begets a whole generation of people who can only use cloud services so now you are more hard pressed to find people with experience to run things without the cloud. You also create a bigger expenses sheet so it shows you're investing and growing, attracting more investors. "We pay 10 mil in AWS, we're that big". It's classic perverse incentives feeding into a monoculture.

        • By notyourwork 2026-02-13 9:57

          Agreed. Some threads make the suggestion you replied to and seemingly fail to ignore the reality of business. Not all businesses want to insource all problems.

        • By j45 2026-02-13 12:41

          If you ever used the aws apis to begin with.

          Folks are increasingly staying cloud agnostic - meaning install and run the open source package that a cloud packages yourself.

          It’s surprising how many are ready to go today compared to 10 years ago.

        • By pezgrande 2026-02-13 13:22, 2 replies

          System admins are probably cheaper than Cloud experts devops.

    • By Twirrim 2026-02-13 5:55

      OCI supports it with Intel. I know it works with AMD, but we don't officially support that so far as I'm aware. The performance hit on AMD is bigger than Intel, last I looked.

    • By iJohnDoe 2026-02-13 1:27, 1 reply

      Was hoping this comment would be here. Firecracker and microVMs are good use-case. Also, being able to simply test and develop is a nice to have.

      Nested virtualization can mean a lot of things. Not just full VMs.

      • By HumanOstrich 2026-02-13 6:17, 4 replies

        > Firecracker and microVMs are good use-case.

        Good use-case for what?

        • By sorenbs 2026-02-13 9:41

          We operate a postgres service on Firecracker. You can create as many databases as you want, and we memory-snapshot them after 5 seconds of inactivity, and spin them up again in 50ms when a query arrives.

          https://www.prisma.io/postgres

        • By adobrawy 2026-02-13 6:29, 1 reply

          Nowadays universal answer for "what? why?" is AI. AI agent needs VMs to run generated code in sandbox as they can not be trusted.

          • By HumanOstrich 2026-02-13 6:55

            I don't think everyone should assume that AI is the answer to all questions. I was asking the person I replied to, thanks.

        • By j45 2026-02-13 13:13

          The poster you asked can reply too - Postgres and microvms are worth considering nearly every time at the start.

          Beyond encapsulation it greatly increases the portability of the software between environments and different clouds.

        • By ushakov 2026-02-13 15:37

          We are running Sandboxes for AI Agents using Firecracker microVMS @ E2B

    • By parhamn 2026-02-13 1:15, 2 replies

      what's the ~ perf hit of something like this?

      • By largbae 2026-02-13 1:25

        Nowadays nested just wastes the extra operating system overhead and I/O performance if your VM doesn't have paravirtualization drivers installed. CPUs all have hardware support.

      • By otterley 2026-02-13 1:40

        As a practical matter, anywhere from 5-15%.

    • By firesteelrain 2026-02-13 4:52, 1 reply

      Azure has had nested virt available for a while too. I used to run HyperV in cloud

      • By whopdrizzard 2026-02-13 10:35, 1 reply

        Azure has recently announced "direct virtualization", which is a sort of logical nesting, in which users can sub-partition their L1 VMs into virtual L2 VMs that are technically siblings.

        https://techcommunity.microsoft.com/blog/azurecompute/scalin...

        (I work there)

        • By firesteelrain 2026-02-13 13:39, 1 reply

          Cool, so that’s the new and preferred model for nested or sibling virt?

          • By whopdrizzard 2026-02-13 14:55, 1 reply

            eventually yes, this is supposed to remove the perf tax of nested virtualization (less world/context switches on vm_exits) and unlocks some new use cases (pass through hardware from your VM to the sibling-guest).

            • By firesteelrain 2026-02-14 23:36

              Interesting! I stopped working in Azure back in August. But I know of teams still using the nested virt HyperV setup I created to allow multicast between VMs in Cloud.
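
Added example, not part of the thread or of any project mentioned in it: several comments above turn on whether a cloud VM can host Firecracker or other KVM-backed microVMs used to sandbox untrusted code. This Go program classifies a Linux x86 host from the vmx/svm and hypervisor flags in /proc/cpuinfo and the presence of /dev/kvm; the function names, verdict strings and sample text are constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Constructed samples: abridged x86 /proc/cpuinfo text from two cloud guests.
const sampleNested = "vendor_id\t: GenuineIntel\nflags\t\t: fpu sse2 vmx hypervisor ept\n"
const sampleFlat = "vendor_id\t: GenuineIntel\nflags\t\t: fpu sse2 hypervisor\n"

// cpuFlags returns the CPU flag set from the first "flags" line of cpuinfo text.
func cpuFlags(cpuinfo string) map[string]bool {
	flags := map[string]bool{}
	for _, line := range strings.Split(cpuinfo, "\n") {
		key, val, ok := strings.Cut(line, ":")
		if ok && strings.TrimSpace(key) == "flags" {
			for _, f := range strings.Fields(val) {
				flags[f] = true
			}
			break
		}
	}
	return flags
}

// Assess classifies a host from its cpuinfo text and whether /dev/kvm exists.
func Assess(cpuinfo string, kvmDev bool) string {
	f := cpuFlags(cpuinfo)
	hwVirt := f["vmx"] || f["svm"] // Intel VT-x or AMD-V visible to this OS
	switch {
	case !hwVirt && f["hypervisor"]:
		return "guest-no-nested-virt" // VM whose provider does not expose VT-x/AMD-V
	case !hwVirt:
		return "no-hw-virt"
	case !kvmDev:
		return "hw-virt-but-no-kvm-device" // kvm module not loaded or device hidden
	case f["hypervisor"]:
		return "nested-kvm-ready" // guest that can itself run KVM microVMs
	}
	return "bare-metal-kvm-ready"
}

func main() {
	data, _ := os.ReadFile("/proc/cpuinfo") // Linux only; empty elsewhere
	_, err := os.Stat("/dev/kvm")
	fmt.Println("this host:", Assess(string(data), err == nil))
}
```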
