Overview

The Sym platform is essentially a state machine that mediates access to Sym Access Targets via peer and rules driven approvals, using a combination of Slack and Sym's Python SDK.

📘

The Sym State Machine

For more information about the step-by-step breakdown of Sym Flows, see The Sym State Machine

Simplified Diagram

The basic layout of Sym is as follows:

• Users invoke the platform via Slack
• Sym's platform is configured via Terraform and Sym's Python SDK
• When invoked, Sym mediates access via a combination of AWS resources and SaaS configurations.

📘

Sym Approval Flows

For more information about how Sym's configurations and flows work and look for implementers and users, see Sym Approval Flows

Detailed diagram

Diving a bit deeper, the Sym system operates by assuming roles in AWS to:

• Move users in and out of IAM and SSO roles
• Operate customer-defined Lambdas
• Fetch and use secrets for mediating SaaS access and invoking methods in the Sym SDK

From there, Sym Approvals provide gating via three core types of Access Strategy:

• First party integrations for common escalation workflows like AWS SSO, Okta, and GitHub.
• Sym's AWS Lambda Strategy can invoke Lambdas inside of a customer's VPC to mediate access, and/or trigger remote calls to other services like Postgres or RDS.
• Sym's Custom Integrations framework enables customers to write their own full escalation Strategies in Python.