Run Privileged Commands
Use exec to run any privileged commands, like you can with other tools.
Once approved for a given resource, you can execute commands with temporary elevated credentials for that resource using sym exec RESOURCE -- command
.
Steps
- Make sure you've installed Sym and logged in. For this guide, we'll assume you see a Sym resource called
prod
when you list resources. - Request Access to the
prod
resource and wait for it to be approved. - Use the
sym exec
command:
For example, after successfully requesting access to the prod
resource, you can run aws-cli
commands against your production environment:
$ sym exec prod -- aws ec2 describe-instances
{
"Reservations": [
{
"Groups": [],
"Instances": [
{ ... }
],
...
}
]
}
sym exec
works very similarly toaws-okta exec
oraws-vault exec
If you need a copy of the credentials for the elevated role, you can simply access the environment variables.
$ sym exec prod -- env | grep AWS
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=%%%
AWS_SECRET_ACCESS_KEY=%%%
AWS_SESSION_TOKEN=%%%
AWS_SECURITY_TOKEN=%%%
AWS_SESSION_EXPIRATION=2020-04-16T11:16:27Z
You can also use the
SYM_RESOURCE
environment variable to specify the resource, which makes commands likeexec
more ergonomic:SYM_RESOURCE=prod sym exec env
Updated over 1 year ago
Did this page help you?