Tutorial for configuring FTP access to an EC2 server

AWS EC2 FTP Server Configuration

Launch an EC2 Instance

See Amazon tutorial: Getting Started with Amazon EC2 Linux Instances

Install LAMP Stack on Instance

See Amazon tutorial: Installing a LAMP Web Server on Amazon Linux

Configure FTP on Instance

Open FTP Ports

From the console or the AWS CLI, create a new security group for FTP access and attach it to the EC2 instance (optional), or edit an existing security group attached to the EC2 instance. Next, add new inbound rules to allow access via the FTP ports.

| Type            | Protocol | Port Range  | Source    |
|-----------------|----------|-------------|-----------|
| Custom TCP Rule | TCP      | 20 - 21     | 0.0.0.0/0 |
| Custom TCP Rule | TCP      | 1024 - 1048 | 0.0.0.0/0 |

Source 0.0.0.0/0 opens the port to any IPv4 address. To restrict access to a specific IP address, replace 0.0.0.0/0 with your address, e.g. www.xxx.yyy.zzz/32

Install vsftpd

SSH into EC2 instance (tutorial) and install vsftpd:

$ sudo yum install vsftpd

Configure FTP

Use Linux's nano tool to open and edit vsftpd.conf from the command line:

$ sudo nano /etc/vsftpd/vsftpd.conf

Change anonymous_enable from YES to NO (optional). This will disable anonymous FTP users:

anonymous_enable=NO

Set chroot_local_user to YES (optional). This will restrict users to their home directories for security. This line may already exist but is commented out with #:

chroot_local_user=YES

Add the following to the end of the file. Replace <YOUR_IP> with the public IP of your EC2 instance:

pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<YOUR_IP>
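
A check that the edits above took effect and that the passive range stays inside the ports opened in the security group, as an added example that is not part of the original gist. The function names and the ssl_enable check are additions: the tutorial does not configure TLS, so logins travel in cleartext unless it is enabled separately. The sample config is constructed.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf against the settings this tutorial changes.

# Effective value of a key. vsftpd allows no spaces around "=" and the last
# uncommented assignment wins, so take the final "key=value" line.
conf_get() {  # usage: conf_get <file> <key>
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Prints one finding per line; exit status is 1 if anything was found.
# Values are compared against the literal YES/NO spelling the tutorial uses.
# sg_min/sg_max: passive range opened in the security group (1024-1048 here).
audit_vsftpd() (  # usage: audit_vsftpd <file> [sg_min] [sg_max]
  f=$1; sg_min=${2:-1024}; sg_max=${3:-1048}; rc=0
  finding() { echo "$1"; rc=1; }

  [ "$(conf_get "$f" anonymous_enable)" = NO ] ||
    finding "anonymous_enable is not NO: anonymous logins are accepted"
  [ "$(conf_get "$f" chroot_local_user)" = YES ] ||
    finding "chroot_local_user is not YES: users are not confined to their home"
  [ "$(conf_get "$f" ssl_enable)" = YES ] ||
    finding "ssl_enable is not YES: passwords and files travel in cleartext"

  lo=$(conf_get "$f" pasv_min_port); hi=$(conf_get "$f" pasv_max_port)
  case "$lo:$hi" in
    :*|*:|*[!0-9:]*)
      finding "pasv_min_port/pasv_max_port unset or not numeric" ;;
    *)
      [ "$lo" -le "$hi" ] && [ "$lo" -ge "$sg_min" ] && [ "$hi" -le "$sg_max" ] ||
        finding "passive range $lo-$hi is not inside security group range $sg_min-$sg_max" ;;
  esac

  case $(conf_get "$f" pasv_address) in
    ''|'<'*|0.0.0.0)
      finding "pasv_address unset or placeholder: 227 replies will not carry the public IP" ;;
  esac
  exit "$rc"  # the function body is a subshell, so this ends only the function
)

# Constructed sample: a config still at the values the tutorial tells you to change.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=YES' '#chroot_local_user=YES' \
  'pasv_min_port=1024' 'pasv_max_port=2048' 'pasv_address=<YOUR_IP>' > "$sample"
audit_vsftpd "$sample" || true   # prints five findings
rm -f "$sample"
```

On the server, run it as `audit_vsftpd /etc/vsftpd/vsftpd.conf 1024 1048` after editing the file.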

Change the default FTP upload folder (optional). Add the following to the end of the file:

local_root=/var/www/html

Note that you may need to use chmod to change file permissions and allow FTP users to read and write to this folder:

$ sudo find /var/www/html -type d -exec chmod 777 {} \;
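
A tighter alternative to the chmod 777 step, as an added example that is not part of the original gist: it gives write access to one group rather than to every account on the instance. It assumes the FTP accounts belong to the www group used in the Create FTP User step; `harden_webroot` and `count_world_writable` are names made up for this example, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: give the FTP group write access instead of chmod 777.

# Number of entries under <dir> that any local account can modify.
count_world_writable() {  # usage: count_world_writable <dir>
  find "$1" ! -type l -perm -0002 | wc -l | tr -d ' '
}

# dirs  -> 2775 (rwxrwsr-x): group can write, new entries inherit the group
# files -> 0664 (rw-rw-r--): group can write, nobody else, no execute bit
harden_webroot() (  # usage: harden_webroot <dir> <group>
  root=$1; group=$2
  [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 2; }
  before=$(count_world_writable "$root")
  # -h: change symlinks themselves, never a target outside the tree
  chgrp -hR "$group" "$root" || exit 1
  find "$root" -type d -exec chmod 2775 {} + || exit 1
  find "$root" -type f -exec chmod 0664 {} + || exit 1
  echo "world-writable entries: $before -> $(count_world_writable "$root")"
)

# Constructed demo tree standing in for /var/www/html after the 777 step.
demo=$(mktemp -d)
mkdir -p "$demo/uploads" && : > "$demo/uploads/index.php"
find "$demo" -type d -exec chmod 777 {} \;
harden_webroot "$demo" "$(id -g)"   # on the server: sudo, /var/www/html, www
rm -rf "$demo"
```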

Start vsftpd service:

$ sudo /etc/init.d/vsftpd start

Set vsftpd service to automatically run when restarting server:

$ sudo chkconfig --level 345 vsftpd on

Create FTP User

Add FTP user with adduser. Replace <USERNAME> with the new username to be added:

$ sudo adduser <USERNAME>

Add password for user with passwd:

$ sudo passwd <USERNAME>

Restrict the user's access to a specific folder (optional). Set the user's home directory to that folder, then add the user to the www group to allow access to the /var/www folder:

$ sudo usermod -d /var/www/html <USERNAME>
$ sudo usermod -a -G www <USERNAME>

Restrict users to a folder of their own name (optional). With this setup, test-user can only write to /var/www/html/test-user. Define a variable for the username then change the local_root to reflect the desired path:

$ sudo nano /etc/vsftpd/vsftpd.conf

Add or edit these lines in vsftpd.conf:

user_sub_token=$USER
local_root=/var/www/html/$USER

Then restart the service:

$ sudo /etc/init.d/vsftpd restart

Sources:


@tylermakin tylermakin commented Jun 12, 2017

To explicitly allow one or more FTP users root access beyond the FTP folder: http://data.agaric.com/how-give-user-global-ftp-privileges-vsftpd

@tylermakin tylermakin commented Jun 12, 2017

@tylermakin tylermakin commented May 23, 2018

Connect to a Linux EC2 instance: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

ssh -i /path/my-key-pair.pem ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com


@charlesmdq charlesmdq commented Dec 19, 2018

How do I add the domain in the ftp user, so the entry is of type user@domain.com? tks


@pctechtv pctechtv commented Jul 24, 2019

This has worked flawlessly for me on Amazon Linux AMI... now on Amazon Linux 2 AMI many problems - should that matter? I am getting errors like:
425 Failed to establish connection.
227 Entering Passive Mode (0,0,0,0,4,9).
FD_CONNECT - WSAEADDRNOTAVAIL: Can't assign requested address
It seems like it cannot determine what my ip address is???


@tylermakin tylermakin commented Jul 25, 2019

> How do I add the domain in the ftp user, so the entry is of type user@domain.com? tks

You should be able to include it in the user name, but you may need to use quotes.


@tylermakin tylermakin commented Jul 25, 2019

> This has worked flawlessly for me on Amazon Linux AMI... now on Amazon Linux 2 AMI many problems - should that matter? I am getting errors like:
> 425 Failed to establish connection.
> 227 Entering Passive Mode (0,0,0,0,4,9).
> FD_CONNECT - WSAEADDRNOTAVAIL: Can't assign requested address
> It seems like it cannot determine what my ip address is???

It sounds like you may not be using a static IP. Try that and see if it resolves your issues.


@rorkyendo rorkyendo commented Apr 30, 2020

Hello, I followed your tutorial and created a user.
The user's password is correct, but the response always says my username and password are incorrect.
I changed my password 3 times, but it always says it is incorrect.

Command: AUTH SSL
Reply: 530 Please login with USER and PASS.
Error: Server refused FTP over TLS

thank you
