Enterprise features,
developer-friendly design

Everything you need for secure infrastructure access, without the complexity of traditional solutions.

Zero-Trust Architecture

No exposed ports, no attack surface

Traditional remote access requires opening inbound ports—SSH on 22, VPN on various ports. Each open port is an attack vector. EpochProxy flips the model: agents connect outbound only.

  • Agents initiate all connections (outbound WebSocket)
  • No firewall rules to manage on target hosts
  • Works behind NAT, firewalls, and private networks
  • TLS encryption for all traffic
# No inbound ports needed on your server
$ sudo netstat -tlnp | grep LISTEN
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN postgres
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN redis
# No port 22, no VPN ports, no attack surface
# epoch-agent connects outbound to relay
# EC2 instance authenticates with IAM role
$ epoch-agent --auth aws-iam
Authenticating with IAM role...
Role: arn:aws:iam::123456789:role/epoch-agent
✓ Authenticated successfully
Agent registered: prod-web-01
Connected to relay: wss://relay.epoch.example
AWS IAM Authentication

Native AWS integration

EC2 instances, Lambda functions, and ECS tasks can authenticate using their IAM roles. No credentials to store, no secrets to rotate.

  • Presigned STS GetCallerIdentity for secure auth
  • Support for IAM users, roles, and assumed roles
  • Cross-account access with trust policies
  • API Gateway integration for serverless deployments
Audit & Compliance

Complete audit trail for compliance

Every authentication attempt, session start, and command execution is logged. Built for SOC 2, HIPAA, and PCI DSS compliance requirements.

  • User identity, timestamp, and source IP logged
  • Session recordings (optional)
  • Export to SIEM (Splunk, Datadog, etc.)
  • Role-based access policies with conditions

Audit Log

Session started 2 min ago

sarah@techscale.io → prod-web-01

Command executed 5 min ago

marcus@cloudops.dev: systemctl restart nginx

Authentication success 8 min ago

AWS IAM: arn:aws:iam::123:role/deploy

Access denied 15 min ago

unknown@example.com → prod-db-01 (policy violation)

And much more

Everything you need for modern infrastructure access.

Developer-Friendly CLI

Simple commands for connecting, executing, and managing agents. Integrates with your existing workflows.

Self-Hosted Deployment

Run on your infrastructure. Full control over data, no vendor lock-in, deploy anywhere.

Multi-Cloud Support

Works across AWS, GCP, Azure, and on-premise. One tool for all your infrastructure.

Role-Based Access Control

Fine-grained policies control who can access what. Patterns, conditions, and deny rules.

Usage Analytics

Track connections, data transfer, and costs. Detailed breakdowns by user and agent.

Built-in Rate Limiting

Protect against brute force and abuse. Configurable limits per user and endpoint.

Ready to try EpochProxy?

Get started with our free tier. No credit card required.

Get Started Free