Optional Configuration
Other common configurations for the Sym CLI that may be useful.
Setting a Default Resource
Use this so you don't have to specify the same sym resource on every sym command
Prepending SYM_RESOURCE
to every command can get tiresome. You can specify a default resource to run commands against using sym defaults
, so that you only have to specify one manually when you want to override that default.
$ sym defaults:set resource staging
$ sym defaults resource
staging
$ sym resources
prod (Prod)
* staging (Staging)
dogfood (Dogfood)
$ sym ssh i-05d82887a11ef35d2
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1111-aws x86_64)
You can unset a default with
sym defaults:unset resource
.
Configuring SAML Clients
The Sym CLI supports both aws-okta and saml2aws.
When Sym is connected to your IDP (such as Okta), escalated access to resources is often granted by temporarily adding you to a group that has delegated permission to assume an IAM Role.
This works by using your IdP credentials to obtain a SAML assertion containing the Role you want to assume, which AWS has previously been configured to accept in exchange for temporary STS credentials.
Most organizations handle the IDP-to-STS-via-SAML dance with one of two tools: aws-okta or saml2aws. Sym supports both of these tools. Normally, sym
will simply select the best option (saml2aws
if you have it installed, else the now-unmaintained aws-okta
).
This is configurable by passing the --saml-client
flag to sym
, which defaults to auto
.
Value | Behavior |
---|---|
| Default to the |
| Use the |
| Use the |
| Use predefined named AWS profiles unconditionally. |
A common case for explicitly specifying a value is if both utilities are installed, but only one is set up.
For example, to list all EC2 instances in the prod
environment using aws-okta
, even if you have saml2aws
installed, run the following:
sym --saml-client=aws-okta exec prod -- aws ec2 describe-instances
Disabling Auto-Updates
By default, sym
will check for updates and update itself once a day. If you'd like to disable this, you can run the following:
sym config:set autoupdate false
Disabling Telemetry
By default, sym
will send analytics events to Segment so we can understand how people are using our product. If you'd like to disable this, you can run the following:
sym config:set analytics false
Updated 12 months ago