Saved February 14, 2026
This article analyzes the security features of AWS Lambda Managed Instances, focusing on their Bottlerocket-based architecture and access restrictions. It highlights the limitations on IAM role modifications and instance access, while exploring the underlying components and network configurations that enhance security.
AWS Lambda Managed Instances allow Lambda functions to run on EC2 instances. This shift gives access to specialized hardware and various EC2 pricing models while AWS manages the infrastructure. The setup process highlights some limitations, particularly around IAM roles; attempts to modify these roles result in explicit denials, which AWS enforces to limit permissions and reduce security risks. The standard methods for accessing EC2 instances, such as SSM and SSH, are also unavailable, complicating potential security analysis.
Lambda Managed Instances run on Bottlerocket OS and leverage a system referred to as "Elevator." Functions execute as containerd containers, managed by services such as the Lambda Agent and a monitoring system called Fluxpump. The architecture emphasizes resource isolation and includes unique network configurations that enhance security. Despite the lack of direct instance access, tools such as investigator.cloud and coldsnap allow analysis of the underlying infrastructure, revealing how AWS manages Lambda functions and the security measures around them.
The article raises questions about how AWS grants temporary access credentials to Lambda functions with different roles, hinting at areas for further security research. The initial assessment found no vulnerabilities, but the unique setup of Lambda Managed Instances presents new avenues for investigating cross-tenant attack scenarios in serverless environments.