Automating user management
SFTP Gateway 2.0 includes tools for automating user management.
- CLI: run commands from the server’s command line
- REST API: run commands remotely over HTTPS
Both tools let you manage both user and server settings related to SFTP Gateway.
Command Line Interface
The CLI requires that you SSH into your EC2 instance. You also need
sudo access, which the
ec2-user has by default.
All user management commands are performed using
This command is similar to the AWS CLI, in that you can access the documentation via
sudo sftpgw.sh help.
You should see the following output:
AVAILABLE COMMANDS o create-user o delete-user
To see the documentation on creating a user, type
sudo sftpgw.sh create-user help. You should see the following:
SYNOPSIS create-user --username <value> [--bucket-name <value>] ... OPTIONS --username (string) The user name --bucket-name (string) The S3 bucket where the user's files will be stored. If left blank, defaults to the server's default bucket.
You can create a user with this command:
sudo sftpgw.sh create-user --username robtest --bucket-name my-bucket-name
For a walk through on common user creation CLI options, see 2.0 Command Line Interface Overview
The REST API lets you run user management commands remotely over HTTPS. These commands can be performed from a sysadmin’s desktop, or an event-driven process that can call a script.
Each REST API call requires a token that proves you have authorization to perform the action. You can acquire this token by authenticating against a login endpoint.
One you have this token, you can make various API calls. These are documented in our Swagger documentation.
Obtaining a Bearer token
A Bearer token is a dynamic token that proves your identity and access. You obtain this by sending a
POST to the
backend/login endpoint. This
POST body contains your admin password that you created when you spun up the CloudFormation template.
For full instructions on obtaining a Bearer token, see: 2.0 Getting an Auth Token
Accessing the Swagger documentation
Once you have the Bearer token, you can use it to make REST API calls. These are documented in Swagger, which you can access via
Note: make sure you’re accessing it over
HTTP rather than
Making REST API calls
Using the Swagger documentation, you can perform actions such as getting a list of all users:
curl -X GET \ https://<your sftpg ip>/backend/api/users \ -H 'Authorization: Bearer <token>' -k`
To see some working examples, refer back to the Bearer token documentation: 2.0 Getting an Auth Token
An important note: Notice that you are making the call against
/backend/api/users, rather than
/api/users. This is because you need to prepend
backend when using HTTPS (this is how Nginx knows you’re hitting the API instead of the UI).