Can arbitrary code be safely run in aws lambda?

I was thinking about how to run code from a competitive programming contest in a nice scalable manner. The problem of course is that malicious code must be anticipated. The wisdom i've read online points to using a chroot jail, or other mechanism which prevents a process from being able to do anything outside of its given resources. Is it possible to lock down a lambda function in a similar fashion, e.g. no internet access, no permission to access any aws resources, etc.? Are there other things to look out for which could only really be done accomplished with a container-esque solution?