With the Segment Log Destination, you can send the full stream of Reporting events from Sym to any destination supported by Segment.

Connect Sym with your AWS Secrets Manager

Follow the Manage Secrets with AWS Secrets Manager tutorial to connect your AWS Secrets Manager with the Sym Runtime.

Configure Segment Write Key

For Sym to send Logs to Segment, you will need to create a Segment Write Key and share it with Sym

Create a Python Source

You will need to add a Python Source in your Segment Workspace for Sym's logs.

In the Sources tab, click "Add Source", and create a Python Source. Name it appropriately (e.g. Sym Audit Logs

Share Segment Write Key with Sym

Follow the Share Secrets with the Sym Runtime tutorial to share your credentials. We recommend using the plain style secret.

# Note: This example snippet shows only the Segment specific resources.

# aws secretsmanager put-secret-value --secret-id "main/segment-write-key" --secret-string "YOUR-SEGMENT-WRITE-KEY"
resource "aws_secretsmanager_secret" "segment_write_key" {
  name        = "main/segment-write-key"
  description = "Segment Write Key for Sym Audit Logs"

  tags = {
    # This SymEnv tag is required and MUST match the `environment` in your `runtime-connector` module
    # because the aws/secretsmgr only grants access to secrets tagged with a matching SymEnv value
    SymEnv = "main"

resource "sym_secret" "segment_write_key" {
  # `sym_secrets` is defined in "Manage Secrets with AWS Secrets Manager"
  source_id = sym_secrets.this.id
  path      = aws_secretsmanager_secret.segment_write_key.name

Add a Segment Integration

Define a sym_integration resource with type = segment. This integration will specify the Segment write key, will be used in the Segment Log Destination configuration

  • external_id: Your Segment Workspace name
  • write_key_secret: A required setting which must be set to the ID of a sym_secret referencing your Segment write key
resource "sym_integration" "segment" {
  type = "segment"
  name = "main-segment-integration"
  # Your Segment Workspace name
  external_id = "sym-test"
  settings = {
    # This secret was defined in the previous step
    write_key_secret = sym_secret.segment_write_key.id

Add a Log Destination

Define a sym_log_destination resource with type = segment.

  • integration_id: The segment Integration referencing your Segment write key
resource "sym_log_destination" "segment" {
  type           = "segment"
  integration_id = sym_integration.segment.id
  settings = {
    # A unique name for this log destination
    stream_name = "segment-main"

Add the Log Destination to your Environment

Each sym_environment accepts a list of Log Destinations to send reporting logs to. Add the ID of the Log Destination you just defined to the log_destination_ids list.

resource "sym_environment" "this" {
  name            = "main"
  runtime_id      = sym_runtime.this.id
  error_logger_id = sym_error_logger.slack.id
  # Add your log destinations here
  log_destination_ids = [sym_log_destination.segment.id]

  integrations = {
    slack_id = sym_integration.slack.id

Full Example

You can find the complete code for this example in our Segment Log Destination Example.