Skip to content
This repository has been archived by the owner on Jun 3, 2024. It is now read-only.

Latest commit

 

History

History
46 lines (40 loc) · 5.97 KB

README.md

File metadata and controls

46 lines (40 loc) · 5.97 KB

Sym Implementation Examples

This repo provides full end to end examples for implementing various Sym Flows.

Full Sym docs can be found here:

Content

Each folder in this repo represents a full end to end Sym Flow.

Example Description
Approval-Only Flow A foundational Sym Flow for audited approvals
Aptible Access Strategy A Sym Flow that escalates the requester to an Aptible role
AWS IAM Group Escalation A Sym Flow that escalates a user to an AWS IAM Group
Invoke AWS Lambda from impl.py A Sym Flow that invokes an AWS Lambda from a hook in impl.py
Custom Escalation with AWS Lambda A Sym Flow that invokes an AWS Lambda for custom access management
AWS IAM Identity Center (AWS SSO) Escalation A Sym Flow that assigns a user to an AWS Permission Set in a given AWS account
Datadog Log Destination A Sym Environment configured to send logs to Datadog via AWS Kinesis Firehose
GitHub Access Strategy A Sym Flow that escalates the requester to a GitHub Repository
GitHub Access Strategy with Dynamic Targets A GitHub Access Strategy that uses Dynamic Targets to populate the repository name
Google Group Access Strategy A Sym Flow that escalates the requester to a Google Group
KnowBe4 SDK Integration Use the KnowBe4 SDK to auto-approve requests if the requester completed specific training
Okta Group Escalation A Sym Flow that escalates the requester to an Okta Group
Okta SDK Integration Use the Okta SDK to create custom auth hooks and to get user profile data
Auto-approve PagerDuty On-call Engineer A Sym Flow that auto-approves requests if the requester is on-call in PagerDuty
AWS Kinesis Firehose to S3 Bucket Log Destination A Sym Environment configured to send logs to an S3 bucket via AWS Kinesis Firehose
Segment Log Destination A Sym Environment configured to send logs to Segment
Tailscale SSH Access A Sym Flow that escalates the requester to a Tailscale Group with SSH access

Advanced

Advanced examples go beyond explaining the basics of Sym resources. Here you'll get deeper into setting up the target systems Sym is integrating with.

Advanced Example Description
Approve a CircleCI Job from Sym A Sym Flow that is triggered from CircleCI by the Sym Orb and then resumes the paused CircleCI workflow after approval
JIT access to multiple AWS Organizations Grant access to multiple tenant AWS Organizations from a centralized host AWS organization
JIT access to SSH to EC2 A Sym Flow that grants SSH access to EC2 instances via AWS IAM Identity Center and AWS Session Manager
Custom Integration A Sym Flow that uses a Custom Integration to wire in services that aren't directly supported by the SDK
Least Privilege S3 with K9 Security Use a least-privilege bucket policy from K9 Security along with a Sym Flow to manage access to S3
Multiple Environments Use Sym Environments and Terraform modules to easily deploy a separate test Sym Flow
MySQL Temp User Strategy A Sym Flow that invokes an AWS Lambda to create temporary users to access to an AWS-hosted MySQL instance
Postgres Role Strategy A Sym Flow that invokes an AWS Lambda to temporarily grant users additional roles in an AWS-hosted PostgreSQL instance
Postgres Temp User Strategy A Sym Flow that invokes an AWS Lambda to create temporary users to access an AWS-hosted PostgreSQL instance