You only need to connect to AWS once!
If you generated an AWS Flow with symflow generate, you will already have these resources configured! If so, you do not need to configure them again.
Overview
Sym provides several first-party integrations with AWS Services:
- Managing AWS IAM Group Membership
- Invoking AWS Lambdas as an Access Strategy or from hooks
- Managing AWS SSO Access
- Reporting through AWS Kinesis Firehose and AWS Kinesis Data Stream
In order for Sym to integrate with these AWS Services, you must give the Sym Runtime the correct IAM Roles and policies to access your AWS Account's resources.
Connect the Sym Runtime with your AWS Account
Follow the instructions in Connecting Sym to AWS to set up a runtime.tf file and create the Runtime Connector IAM Role to allow Sym to take actions in your AWS account.
Declare a sym_runtime Resource
In Connecting Sym to AWS, we created a runtime.tf file that declares a sym_integration.runtime_context resource. We need to pass this runtime_context integration to a sym_runtime resource to be included in your sym_environment.
Add a sym_runtime resource to your runtime.tf file, with the context_id set to sym_integration.runtime_context.id.
# ... other resources omitted
resource "sym_runtime" "this" {
  name = "main"
  # This tells the Sym Runtime to assume the IAM Role declared above
  # when executing AWS-related Access Strategies
  context_id = sym_integration.runtime_context.id
}
Add the Sym Runtime Resource to your Environment
In the environment.tf file generated by symflow init, locate the sym_environment resource.
Add the sym_runtime resource you declared above to the sym_environment resource, which will give Flows in that environment access to the Runtime Permission Context.
# ... other resources omitted
resource "sym_environment" "this" {
  name = "main"
  # Add the runtime_id here to tell the AWS Flows in this environment
  # to use the Permission Context Integration defined in this sym_runtime resource.
  runtime_id = sym_runtime.this.id
  # ... other values omitted
}