Use this so you don't have to specify the same sym resource on every sym command
SYM_RESOURCE to every command can get tiresome. You can specify a default resource to run commands against using
sym defaults, so that you only have to specify one manually when you want to override that default.
$ sym defaults:set resource staging $ sym defaults resource staging $ sym resources prod (Prod) * staging (Staging) dogfood (Dogfood) $ sym ssh i-05d82887a11ef35d2 Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1111-aws x86_64)
You can unset a default with
sym defaults:unset resource.
The Sym CLI supports both aws-okta and saml2aws.
When Sym is connected to your IDP (such as Okta), escalated access to resources is often granted by temporarily adding you to a group that has delegated permission to assume an IAM Role.
This works by using your IdP credentials to obtain a SAML assertion containing the Role you want to assume, which AWS has previously been configured to accept in exchange for temporary STS credentials.
Most organizations handle the IDP-to-STS-via-SAML dance with one of two tools: aws-okta or saml2aws. Sym supports both of these tools. Normally,
sym will simply select the best option (
saml2aws if you have it installed, else the now-unmaintained
This is configurable by passing the
--saml-client flag to
sym, which defaults to
Default to the
Use predefined named AWS profiles unconditionally.
A common case for explicitly specifying a value is if both utilities are installed, but only one is set up.
For example, to list all EC2 instances in the
prod environment using
aws-okta, even if you have
saml2aws installed, run the following:
sym --saml-client=aws-okta exec prod -- aws ec2 describe-instances
sym will check for updates and update itself once a day. If you'd like to disable this, you can run the following:
sym config:set autoupdate false
sym will send analytics events to Segment so we can understand how people are using our product. If you'd like to disable this, you can run the following:
sym config:set analytics false
Updated 12 months ago