Agent Proxy now available on Windows Server virtual machines
Aembit Agent Proxy supports virtual machine deployments for Windows Server 2019 and Windows Server 2022. See Agent Proxy install for details.
Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.
The following components and packages have been updated:
For the latest available versions of these components, please see the Edge Components Supported Versions page.
Agent Proxy has been updated to include a new environment variable that enables Agent Proxy to monitor network traffic so you can perform detailed debugging if you encounter network traffic errors.
For more detailed information on this feature, please see the Agent Proxy Debug Network Tracing page.
Aembit regularly releases new enhancements and improvements to Aembit Edge and Aembit Cloud components to provide additional features and functionality for your Aembit environment.
The following new features and enhancements have been released:
Aembit automatically records and collects various types of workload metadata in access authorization events, enabling you to use this information to audit and analyze security events.
The information collected and recorded in these access authorization events has been enhanced to now capture and display additional workload metadata, including VM hostname, IP address, and process name.
For more information on access authorization events, please refer to the following technical documentation pages:
Aembit continues to look for ways to improve the overall user experience in an Aembit environment, while also providing additional functionality and features that enhance this experience. One of these ways is by enabling you to route only specific types of traffic through Aembit, via the explicit steering feature.
With explicit steering, you can now configure Client Workloads to direct only certain types of traffic to the Agent Proxy. This enables you to have more precise control of which traffic is managed by the Agent Proxy.
For more information on the explicit steering feature, please refer to the Explicit Steering page.
Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.
The following components and packages have been updated:
For the latest available versions of these components, please see the Edge Components Supported Versions page.
Aembit regularly releases new enhancements and improvements to Aembit Edge and Aembit Cloud components to provide additional features and functionality for your Aembit environment.
The following four new major features have been released:
Aembit has released a Terraform Provider update that enables users to add multiple Credential Providers to an Access Policy.
Aembit now supports use cases where the Aembit Terraform Provider can manage Aembit Access Policies associated with individual or multiple Credential Providers.
For more information about this feature, please see the Multiple Credential Providers - Terraform page.
Aembit continually makes improvements and enhancements to the Admin Dashboard to provide greater visibility and insight into your Aembit environment.
The Admin Dashboard has been updated and enhanced with additional tiles and panels that provide detailed information on Client and Server Workloads, Credential Usage by Type, the number of Access Condition failures based on Access Policies over the past 24 hours, and several other visualizations.
For more information on the Admin Dashboard and these additional panels, please see the Admin Dashboard Overview page.
Aembit aims to provide users with the ability to view detailed Aembit Edge metrics and data.
Aembit now exposes Prometheus-compatible metrics, which enable users to view and troubleshoot Aembit Edge Components (Agent Proxy, Agent Controller, and Agent Injector) in both Kubernetes and virtual machine deployment models.
For more detailed information on how Aembit exposes Prometheus-compatible metrics, please see the Aembit Edge Prometheus-compatible Metrics page.
Aembit Edge Components have been updated to newer versions to improve overall performance and functionality.
The following components and packages have been updated:
For the latest available versions of these components, please see the Edge Components Supported Versions page.
Aembit Edge Components are regularly updated to newer versions to address specific bug fixes and optimize performance of these components.
We recently identified a known issue that was resolved with a new Helm Chart version.
For the latest available versions of these components, please see the Edge Components Supported Versions page.
Aembit Edge Components are updated on a regular basis to include new features, functionality, and package improvements.
Aembit has released new versions of the following components and packages:
Agent Proxy has been updated to address a specific issue related to idle timeouts for HTTP persistent connections (currently 1 hour). If no new request comes over a connection, the request will be closed by Agent Proxy.
For the latest available versions of these components, please see the Edge Components Supported Versions page.
Kubernetes recently introduced support for native sidecar containers. Aembit now leverages this model for the Agent Proxy, where possible.
Aembit now automatically injects the Agent Proxy as a native sidecar, which allows Client Workloads that run as init containers.
This change only applies to Kubernetes deployments of version 1.29 and above.
For more information on how you can use Agent Proxy as a sidecar to support init containers, please see the Kubernetes Deployment page.
Aembit has released two major enhancements to Aembit Edge Components: Aembit Edge Terraform Module for AWS ECS, and ECS TLS support.
Aembit releases updates to the Aembit ECS Terraform Registry on a regular basis to provide users with additional features and functionality, including improvements to Agent Proxy and Agent Controller.
For more information on the latest ECS Terraform Registry release, please see the Aembit Terraform Registry page.
Aembit has released an ECS deployment enhancement that enables Transport Layer Security (TLS) between the Agent Proxy and Agent Controller using Aembit-provided Private Key Infrastructure (PKI).
There is no option to use your own PKI for ECS deployments.
Aembit now supports dynamically steering only specific traffic to the Agent Proxy.
The dynamic steering feature introduces the ability to restrict this proxied traffic to a specific list of hostnames. When this feature is enabled, only egress traffic to the user-specified hostnames will be proxied. This enables you to have more precise control over which destinations’ traffic is managed by the Agent Proxy.
Aembit has released two new feature updates that enhance existing Aembit functionality.
All injected Aembit containers are now run as non-root users.
Users may configure limits for the number of file descriptors Agent Proxy is allowed to open on a VM. You may configure this number when Agent Proxy is installed (using the AEMBIT_FD_LIMIT flag).
Virtual machines
Default Limit - 65535, set by Agent Proxy installer
Configuration - This limit is configurable via the AEMBIT_FD_LIMIT environment variable. This value is passed directly to systemd in Agent Proxy’s service file at the time of installation.
Example - AEMBIT_FD_LIMIT=200000 [...] ./install
Kubernetes
Default Limit - This limit is inherited from container runtime.
Configuration - There is no official support without modifying the underlying runtime. For more information on configuring these limits, please see the Kubernetes limits support GitHub thread.
AWS ECS
Default Limit - 1024
Configuration - This limit is configurable via the ECS Task Definition API or ECS Dashboard. Please refer to the AWS ECS Developer Guide for more detailed information on how to configure these limits.
AWS Lambda
Default Limit - 1024
Configuration - This limit is not configurable. For more information, please refer to the AWS Lambda Developer Guide.
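An added example, not taken from the Aembit documentation: a shell check for the virtual machine case above that compares the soft open-files limit a running process actually has (read from /proc/<pid>/limits on Linux) with the value passed as AEMBIT_FD_LIMIT, and reports how much of that limit is in use. The function names and the PID argument are assumptions of this example; supply the Agent Proxy process ID yourself.

```shell
#!/bin/sh
# Added example (not Aembit code): confirm that the open-files limit a process
# actually runs with matches the AEMBIT_FD_LIMIT value given to the installer.

# soft_nofile LIMITS_FILE: print the soft "Max open files" value from a file
# in /proc/<pid>/limits format (columns: name, soft limit, hard limit, units).
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# fd_usage_pct FD_DIR SOFT_LIMIT: print open descriptors as a whole percentage
# of the soft limit (FD_DIR is /proc/<pid>/fd, one entry per descriptor).
fd_usage_pct() {
    used=$(ls -A "$1" | wc -l)
    echo $(( used * 100 / $2 ))
}

# check_fd_limit LIMITS_FILE EXPECTED: return 0 on match, 1 on mismatch,
# 2 when the limit cannot be read as a number.
check_fd_limit() {
    soft=$(soft_nofile "$1")
    case $soft in
        ''|*[!0-9]*) echo "cannot read soft limit from $1" >&2; return 2 ;;
    esac
    if [ "$soft" -ne "$2" ]; then
        echo "soft nofile limit is $soft, expected $2" >&2
        return 1
    fi
    return 0
}

# Usage: sh check_fd_limit.sh PID EXPECTED_LIMIT
# PID is the Agent Proxy process ID (look it up with your usual tooling).
if [ "$#" -eq 2 ]; then
    check_fd_limit "/proc/$1/limits" "$2" || exit $?
    echo "limit ok; $(fd_usage_pct "/proc/$1/fd" "$2")% of descriptors in use"
fi
```

A mismatch after installation means the running service did not pick up the configured value, which is worth ruling out before investigating connection failures under load.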
In some cases, you may need to manually shut down Agent Proxy when the main container exits but the sidecar is still running. Because killing the whole job would make it look like a cancelled job, Aembit now provides a solution that enables you to gracefully terminate the job while allowing the sidecar to still run.
For more detailed information on this feature, please refer to the Agent Proxy Shutdown page.
Aembit now supports secure communication between Agent Proxy and Agent Controller using Transport Layer Security (TLS) for both Kubernetes and virtual machine deployments.
For more information on how to configure TLS for Agent Controller, please refer to the Configuring TLS for Agent Controller documentation.