FTP Tutorials

How to configure FTP on AWS EC2

By Binh No Comments #aws ec2 ftp #configure vsftpd #File transfer softwares #ftp setup #security group

When it comes to transferring data from one system to another system, there are so many options out there that we can use to achieve what we want. One of them is a well-known protocol which is FTP(File Transfer Protocol).

File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and a server on a computer network.

Below are the basic steps to set up an FTP on an AWS EC2 instance(I’m using Ubuntu 20.04 AMI). I would recommend that we should use vsftpd  (very secure FTP daemon), which is an FTP server for Unix-like systems, including Linux. It is the default FTP server in the Ubuntu, CentOS, and RHEL Linux distributions, etc.

Step 1 – Install vsftpd service

Login to your AWS EC2 instance via terminal.

Run these commands to install vsftpd service:

sudo su                             //to access as root
apt-get update                      //to update your server to latest stable release
apt-get install vsftpd -y           //to install the vsftpd service

Step 2 – Open the FTP ports in VPC on your EC2 instance

Next, you’ll need to open up the FTP ports on your EC2 instance so that we can access FTP server from the public.

Log in to the AWS EC2 Manangement Console -> Select Security Groups from the the navigation tree on the left -> Select the security group attached to your EC2 instance (I named it as “ftp” here) -> Select the Inbound rules tab -> then click Edit inbound rules

Add two Custom TCP Rules with port ranges 20-21 and 10000-11000. For Source, you can select “Anywhere”. If you want to set a fixed IP for your Source. Remember to keep it up-to-date in case your IP address is changed accidentally.

Step 3 – configure the vsftpd.conf file

Depends on your Linux distributions, your vsftpd.conf file could be /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf

  1. Backup vsftpd’s original config file
cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
  1. Edit your vsftpd.conf file by running this command
nano /etc/vsftpd.conf
  1. Add the following content to the file:
allow_writeable_chroot=YES
anonymous_enable=NO
chmod_enable=NO
chroot_local_user=YES
guest_enable=YES
guest_username=ftpusers
hide_ids=YES
listen=YES
local_enable=YES
ls_recurse_enable=YES
max_clients=128
max_per_ip=16
nopriv_user=ftpnobody
pam_service_name=vsftpd
secure_chroot_dir=/var/run/vsftpd/empty
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpduserlist.conf
userlist_deny=NO
write_enable=YES
xferlog_enable=YES
connect_from_port_20=NO
# Here is main configuration for vsftpd.conf to make your FTP server can be accessible from public
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=11000
pasv_address=<Public IP Address of your EC2 instance>
  1. Save by Ctrl + O and hit Enter to confirm, and close by Ctrl + X to exit. Noted that vsftpd service has many configuration options so that you can make adjustments based on your desires

If you want to configure vsFTPd service behind a Security Group while using external and internal IPs for addressing the issue of data transfer cost on AWS. You may want to check out How to configure VSFTPD server behind a firewall for handling internal and external IPs that will help you achieve the goal.

Setup Directory Structure For an FTP User

  1. Create a user called testuser1
adduser testuser1
passwd testuser1

After executing the above two commands enter your new password when asked at the prompt

  1. Create a directory and set ownership for testuser1
mkdir /home/testuser1/ftp
chown nobody:nogroup /home/testuser1/ftp
chmod a-w /home/testuser1/ftp
  1. Create a directory where files can be uploaded and give ownership to the testuser1
mkdir /home/testuser1/ftp/upload
chown testuser1:testuser1 /home/testuser1/ftp/upload
  1. Add the testuser1 user that we created to /etc/vsftpduserlist.conf
nano /etc/vsftpduserlist.conf
  1. Restart vsftpd service to apply the changes modified in /etc/vsftpd.conf, also set vsftpd service start on boot
systemctl restart vsftpd
systemctl enable vsftpd

All done now! You can use your favourite FTP client to test uploading files. You can log in to your host: <your public IP> and then enter your FTP username and password.

If you’re interested in building up an SFTP server, I also wrote Secure File Transfers: Setting Up SFTP on Ubuntu 24.04 to walk you through the process. Hope you enjoy reading that.

Discover more from Turn DevOps Easier

Subscribe to get the latest posts sent to your email.

By Binh

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents

Content on this page