Why Lambda + Meridian?
Serverless functions are ephemeral by nature — cold starts, stateless execution, and unpredictable concurrency. Traditional licensing servers with persistent sessions break under these conditions. Meridian's offline-first license validation uses Ed25519-signed payloads that verify in-process with zero network calls, making it a natural fit for Lambda's execution model.
Architecture
Bundle the license file
Include your license.meridian in the Lambda deployment package. The file is a signed binary blob — tamper-proof and self-verifying.
Validate on cold start
Call meridian_verify() during init (outside the handler). The C ABI library loads once per sandbox and caches the validation result in process memory.
Enforce in the handler
Check the cached result at the top of every invocation. Rejected? Return 403 immediately. No per-request overhead.
Lambda Handler (Python)
import json
from ctypes import CDLL, c_char_p, c_int
meridian = CDLL("./libmeridian.so")
meridian.meridian_verify.argtypes = [c_char_p]
meridian.meridian_verify.restype = c_int
LICENSE_PATH = "./license.meridian"
_valid = None
def init():
global _valid
_valid = meridian.meridian_verify(
LICENSE_PATH.encode()
) == 0
# Runs once per cold start
init()
def handler(event, context):
if not _valid:
return {
"statusCode": 403,
"body": json.dumps(
{"error": "license_invalid"}
),
}
return {
"statusCode": 200,
"body": json.dumps(
{"status": "ok"}
),
}Cold Start Overhead
Measured on arm64 with 128 MB memory allocation. Ed25519 verification is constant-time and CPU-bound — no I/O, no network, no external dependencies.
Ready to ship?
Download the Lambda-ready shared library and a test license to get started in under 5 minutes.