To increase the available deployment options for Amazon Web Services (AWS) Lambda users, Aembit now provides a Lambda
Layer to support zip-based Lambda Functions. This joins our existing AWS Lambda
Container support.
For more detailed information on how to deploy Aembit Edge Components to AWS Lambda Functions using our Lambda Layer,
please refer to the AWS Lambda Functions
documentation.
Introducing Global Policy Compliance for centralized security enforcement across your Aembit environment. This
feature allows administrators to establish organization-wide security standards for Access Policies and Agent
Controllers, ensuring consistent security practices and preventing the creation of policies that might inadvertently
expose resources.
With Global Policy Compliance, you can enforce requirements for Trust Providers and Access Conditions across all Access
Policies, as well as Trust Provider and TLS Hostname requirements for Agent Controllers. The three-tier enforcement
model lets you set requirements as Required, Recommended (default), or Optional based on your organization’s security
needs.
Global Policy Compliance visually identifies non-compliant components through color-coded status icons:
- Red indicators for required but missing elements
- Yellow indicators for recommended but missing elements
- Green indicators for compliant Access Policies
- Gray indicators for disabled or not active Access Policies
To learn more about Global Policy Compliance, see the Global Policy Compliance
Overview.
Introducing OIDC ID Token Credential Provider for secure identity token generation and exchange with third-party
services. By leveraging Aembit’s custom Identity Provider (IdP) capabilities, this Credential Provider generates
JWT-formatted tokens that seamlessly integrate with various Workload Identity Federation (WIF) solutions.
The OIDC ID Token Credential Provider offers flexible configuration options including:
- Custom claims configuration with both dynamic and literal subject support
- Choice of signing algorithms (RS256 or ES256)
- Integration with identity brokers such as AWS STS, GCP WIF, Azure WIF, and HashiCorp Vault
This new Credential Provider is particularly valuable for:
- Secure access to cloud provider resources through their WIF solutions
- Authentication with HashiCorp Vault using OIDC tokens
- Integration with any service supporting OIDC/JWT authentication
To learn more about this feature, see About the OIDC ID Token Credential
Provider.
Introducing Log Stream for Splunk SIEM to enhance your security monitoring capabilities. This integration enables
rapid streaming of Aembit Edge event logs and audit logs directly to Splunk using Splunk’s HTTP Event Collector (HEC)
protocol.
By connecting Aembit with Splunk SIEM, you can:
- Enhance threat detection with comprehensive security data
- Improve incident management through centralized logging
- Streamline compliance monitoring for your organization
The setup process is straightforward, requiring only a properly configured HTTP Event Collector in your Splunk
environment and a few configuration steps in the Aembit Admin UI. Aembit will automatically send email notifications if
Log Stream transactions consistently fail, ensuring you’re always aware of your logging status.
To learn more about setting up this integration, see How to stream Aembit events to Splunk
SIEM.
