Run Privileged Commands

Use exec to run any privileged commands, like you can with other tools.

Once approved for a given resource, you can execute commands with temporary elevated credentials for that resource using sym exec RESOURCE -- command.


  1. Make sure you've installed Sym and logged in. For this guide, we'll assume you see a Sym resource called prod when you list resources.
  2. Request Access to the prod resource and wait for it to be approved.
  3. Use the sym exec command:

For example, after successfully requesting access to the prod resource, you can run aws-cli commands against your production environment:

$ sym exec prod -- aws ec2 describe-instances
    "Reservations": [
            "Groups": [],
            "Instances": [
                { ... }


sym exec works very similarly to aws-okta exec or aws-vault exec

If you need a copy of the credentials for the elevated role, you can simply access the environment variables.

$ sym exec prod -- env | grep AWS


You can also use the SYM_RESOURCE environment variable to specify the resource, which makes commands like exec more ergonomic:

SYM_RESOURCE=prod sym exec env

What’s Next
Did this page help you?