Sym System Diagrams

These diagrams cover the basic components of the Sym platform.

Overview

The Sym platform is essentially a state machine that mediates access to Sym Access Targets through peer- and rules-driven approvals, using a combination of Slack and Sym's Python SDK.

The Sym State Machine

For a step-by-step breakdown of Sym Flows, see The Sym State Machine.

Simplified Diagram

The basic layout of Sym is as follows:

  • Users invoke the platform via Slack
  • Sym's platform is configured via Terraform and Sym's Python SDK
  • When invoked, Sym mediates access via a combination of AWS resources and SaaS configurations.

Sym Approval Flows

For more information about how Sym's configurations and flows work, and how they look to implementers and users, see Sym Approval Flows.

Detailed Diagram

Diving a bit deeper, the Sym system operates by assuming roles in AWS to:

  • Move users in and out of IAM and SSO roles
  • Operate customer-defined Lambdas
  • Fetch and use secrets for mediating SaaS access and invoking methods in the Sym SDK

From there, Sym Approvals provide gating via three core types of Access Strategy:

  • First party integrations for common escalation workflows like AWS SSO, Okta, and GitHub.
  • Sym's AWS Lambda Strategy can invoke Lambdas inside of a customer's VPC to mediate access, and/or trigger remote calls to other services like Postgres or RDS.
  • Sym's Custom Integrations framework enables customers to write their own full escalation Strategies in Python.