Although it would be nice for AWS to explicitly say that there's one customer per hosted Lambda environment, and distinct from language-level or process-based sandboxing. From the article above you have to assume that because v1 of Lambda put one customer per EC2 instance as an expediency that it remains the case.
Nonetheless, regarding the Netflix case, nobody should be hosting long-term CA keys in Lambda or any co-hosted virtualized environment framework. These days few reputable companies except maybe Intel even bother arguing that secret keys are safe from side-channel attacks in such environments. The evidence is just too overwhelming, even for the self-deluding "if it's too complex for me to understand then it must be impossible" crowd.
I believe AWS does share customer information within a device, but with a lot of sandboxing below that. You can watch this talk to learn more:
https://www.youtube.com/watch?v=QdzV04T_kec
I think the threat model is basically that you'd need a KVM kernel 0-day + the ability to exploit it, so a point of privilege such as outside of the firecracker sandbox.
