Sym System Diagrams

These diagrams cover the basic components of the Sym platform.


The Sym platform is essentially a state machine that mediates access to Sym Access Targets via peer- and rule-driven approvals, using a combination of Slack and Sym's Python SDK.


The Sym State Machine

For a step-by-step breakdown of Sym Flows, see The Sym State Machine.

Simplified Diagram

The basic layout of Sym is as follows:

  • Users invoke the platform via Slack.
  • Sym's platform is configured via Terraform and Sym's Python SDK.
  • When invoked, Sym mediates access via a combination of AWS resources and SaaS configurations.


Sym Approval Flows

For more information about how Sym's configurations and flows work, and how they look to implementers and users, see Sym Approval Flows.

Detailed Diagram

Diving a bit deeper, the Sym system operates by assuming roles in AWS to:

  • Move users in and out of IAM and SSO roles
  • Operate customer-defined Lambdas
  • Fetch and use secrets for mediating SaaS access and invoking methods in the Sym SDK

From there, Sym Approvals provide gating via three core types of Access Strategy:

  • First-party integrations for common escalation workflows like AWS SSO, Okta, and GitHub.
  • Sym's AWS Lambda Strategy can invoke Lambdas inside of a customer's VPC to mediate access, and/or trigger remote calls to other services like Postgres or RDS.
  • Sym's Custom Integrations framework enables customers to write their own full escalation Strategies in Python.