How to Configure FTP on AWS EC2
When I need to send or receive data/files from one system to another system in a secure way, in my mind there is only one protocol, which is FTP (File Transfer Protocol).
File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and a server on a computer network.
Below are the basic steps to set up FTP on an AWS EC2 instance (I’m using Amazon Linux AMI).
Step 1 — Getting started
Log in to your AWS EC2 instance via terminal, then run:
sudo su               # switch to root
yum update -y         # update your server to the latest stable release
yum install vsftpd    # install the vsftpd FTP server
Step 2 — Open up the FTP ports on your EC2 instance
Next, you’ll need to open up the FTP ports on your EC2 server. Log in to the AWS EC2 Management Console and select Security Groups from the navigation tree on the left. Select the security group assigned to your EC2 instance. Then select the Inbound tab, then click Edit:
Add two Custom TCP Rules with port ranges 20–21 and 1024–1048. For Source, you can select ‘Anywhere’. If you decide to set Source to your IP address, be aware that your IP address might change if it is being assigned via DHCP.
Step 3 — Update the vsftpd.conf file
Edit your vsftpd conf file by typing:
sudo vi /etc/vsftpd/vsftpd.conf
Disable anonymous FTP by changing this line:
anonymous_enable=YES
to
anonymous_enable=NO
Then add the following lines to the bottom of the vsftpd.conf file:
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<Public IP of your instance>
Your vsftpd.conf file should look something like the following — except make sure to replace the pasv_address with your public-facing IP address:
To save changes, press Escape, type :wq, then hit Enter.
Step 4 — Restart vsftpd and create an FTP user
Restart vsftpd by typing:
sudo /etc/init.d/vsftpd restart
OR
sudo systemctl restart vsftpd
Create a new user on the EC2 instance with the commands below:
adduser awsftpuser
passwd awsftpuser
After executing the above two commands, enter your new password (in the password column, type your ‘username’). Here I’ve chosen ‘awsftpuser’ as my username.
Step 5 — Restricting user to their Home directory
At this point, your FTP users are not restricted to their home directories. That’s not very secure, but we can fix it pretty easily.
Edit your vsftpd conf file again by typing:
sudo vi /etc/vsftpd/vsftpd.conf
Uncomment the following line (remove the leading #):
chroot_local_user=YES
Save and quit as before, then restart vsftpd (as in Step 4).
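A quick way to confirm that the edits from Steps 3 and 5 actually landed, and that the passive port range still fits inside the range opened in the security group in Step 2. This is an added example, not part of the original post; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf for the
# settings made in Steps 3 and 5 and compare the passive range with Step 2.

# Print the value of KEY from FILE. The last uncommented occurrence is used,
# on the assumption that a later line overrides an earlier one.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# audit_vsftpd FILE SG_MIN SG_MAX
# Prints one FINDING line per problem; returns 1 if there was any, else 0.
audit_vsftpd() {
    conf=$1; sg_min=$2; sg_max=$3; bad=0
    flag() { echo "FINDING: $1"; bad=1; }

    [ "$(conf_get "$conf" anonymous_enable)" = "NO" ] ||
        flag "anonymous_enable is not NO"
    [ "$(conf_get "$conf" chroot_local_user)" = "YES" ] ||
        flag "chroot_local_user is not YES (line still commented out?)"
    [ "$(conf_get "$conf" pasv_enable)" != "NO" ] ||
        flag "pasv_enable=NO turns passive mode off"

    min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
    if [ -z "$min" ] || [ -z "$max" ]; then
        flag "pasv_min_port/pasv_max_port not set"
    elif [ "$min" -lt "$sg_min" ] || [ "$max" -gt "$sg_max" ]; then
        flag "passive range $min-$max is outside the open range $sg_min-$sg_max"
    fi

    case $(conf_get "$conf" pasv_address) in
        ''|'<'*) flag "pasv_address is unset or still the placeholder" ;;
    esac
    return "$bad"
}

# Constructed sample: a config where the edits were only half applied.
sample_conf() {
    printf '%s\n' 'anonymous_enable=YES' 'write_enable=YES' \
        '#chroot_local_user=YES' 'pasv_enable=YES' 'pasv_min_port=1024' \
        'pasv_max_port=1100' 'pasv_address=<Public IP of your instance>'
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd "$tmp" 1024 1048 || echo "fix the findings above, then restart vsftpd"
rm -f "$tmp"
```

On the instance, call audit_vsftpd /etc/vsftpd/vsftpd.conf 1024 1048 after each edit; no output means the checked settings match the steps above.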
Step 6 — Change / set user’s FTP home directory & give group permissions
Enter the below command into the terminal to set the user (in this case our awsftpuser user — replace this with your actual username!) home directory. In this example, I’m saying the httpd is the user’s root.
sudo usermod -d /etc/httpd/ awsftpuser
Then, make sure awsftpuser is part of the group which owns the files in this folder, to allow them to upload/change/delete as you wish. To check the ownership status of files in your httpd folder, do the following.
cd /etc/httpd/    # navigate to the folder
ls -l
It will output the permissions, ownership and group for the files in this directory. In our case “root” is the group to which we need to assign awsftpuser.
Now, to assign your user to the group, run the command below and restart vsftpd.
usermod -a -G <your group name> awsftpuser
sudo systemctl restart vsftpd    # restart vsftpd
NOTE: vsftpd doesn’t automatically start when your server boots. If you’re like me, that means that after rebooting your EC2 instance, you’ll feel a moment when FTP seems to be broken — but in reality, it’s just not running! To fix that run the below command:
sudo chkconfig --level 345 vsftpd on
Facing issues accessing FTP?
If you have trouble copying files to the FTP server or logging in to FTP, try the solution below:
The vsftpd version that comes with Ubuntu 12.04 Precise does not permit chrooted local users to write by default. By default, you will have this in /etc/vsftpd/vsftpd.conf:
chroot_local_user=YES
write_enable=YES
To allow local users to write, you need to add the following parameter:
allow_writeable_chroot=YES
All done! This should fix your issue. Now download FileZilla (for Windows/Mac OS) and log in to your EC2 instance. Set the host to <yourpublicip>, then enter your FTP username and password.
For example, I’ve copied a sample file “variables.tf” to the instance and the same was copied.
Conclusion
We usually used to do this setup on the Windows machine, but this time we have set up FTP on AWS EC2. Now we can share files/folders and create/modify them accordingly.