How to Configure FTP on AWS EC2

Ref: https://bit.ly/2D3D11m

When I need to send or receive data/files from one system to another system in a secure way, in my mind there is only one protocol, which is FTP (File Transfer Protocol).

File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and a server on a computer network.

Below are the basic steps to set up FTP on an AWS EC2 instance (I’m using the Amazon Linux AMI).

Step 1 — Getting started

Log in to your AWS EC2 instance via a terminal, then run:

sudo su               # switch to root
yum update -y         # update the server to the latest stable release
yum install vsftpd    # install the vsftpd FTP server

Step 2 — Open up the FTP ports on your EC2 instance

Next, you’ll need to open up the FTP ports on your EC2 server. Log in to the AWS EC2 Management Console and select Security Groups from the navigation tree on the left. Select the security group assigned to your EC2 instance. Then select the Inbound tab, then click Edit:

Add two Custom TCP Rules with port ranges 20–21 and 1024–1048 (the second range is the passive-mode port range configured in Step 3). For Source, you can select ‘Anywhere’. If you decide to set Source to your own IP address, be aware that your IP address might change if it is being assigned via DHCP.

Step 3 — Update the vsftpd.conf file

Edit your vsftpd conf file by typing:

sudo vi /etc/vsftpd/vsftpd.conf

Disable anonymous FTP by changing this line:

anonymous_enable=YES

to

anonymous_enable=NO

Then add the following lines to the bottom of the vsftpd.conf file:

pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<Public IP of your instance>

Make sure to replace the pasv_address value with your instance's public-facing IP address.

To save the changes, press Escape, type :wq, then hit Enter.

Step 4 — Restart vsftpd and create FTP user

Restart vsftpd by typing:

sudo /etc/init.d/vsftpd restart
OR
sudo systemctl restart vsftpd

Create a new user on the EC2 instance with the commands below:

adduser awsftpuser

passwd awsftpuser

After executing the above two commands, enter your new password (in the password column, type your ‘username’). Here I’ve chosen ‘awsftpuser’ as my username.

Step 5 — Restricting user to their Home directory

At this point, your FTP users are not restricted to their home directories. That’s not very secure, but we can fix it pretty easily.

Edit your vsftpd conf file again by typing:

sudo vi /etc/vsftpd/vsftpd.conf 

Uncomment the following line (remove the leading # character):

chroot_local_user=YES

Save and quit as before, and then restart vsftpd (as in Step 4).
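
An offline check of the settings from Steps 2, 3 and 5, as an added example that is not part of the original post. The function names conf_get and audit_vsftpd, the constructed sample file, and the rule that the last occurrence of a key takes effect are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf offline.

# conf_get FILE KEY DEFAULT: print the value of the last uncommented KEY= line,
# or DEFAULT if there is none (assumption: the last occurrence takes effect).
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r')
    printf '%s\n' "${v:-$3}"
}

# audit_vsftpd FILE SG_MIN SG_MAX: print one FAIL line per finding, return 1 if any.
# The defaults passed to conf_get are vsftpd's built-in defaults.
audit_vsftpd() {
    f=$1 sg_min=$2 sg_max=$3 rc=0
    [ "$(conf_get "$f" anonymous_enable YES)" = NO ] ||
        { echo "FAIL anonymous_enable is not NO"; rc=1; }
    [ "$(conf_get "$f" chroot_local_user NO)" = YES ] ||
        { echo "FAIL chroot_local_user is not YES"; rc=1; }
    lo=$(conf_get "$f" pasv_min_port 0)
    hi=$(conf_get "$f" pasv_max_port 0)
    case "$lo$hi" in *[!0-9]*) lo=0; hi=0 ;; esac   # non-numeric: treat as unset
    if [ "$lo" -lt "$sg_min" ] || [ "$hi" -gt "$sg_max" ] || [ "$lo" -gt "$hi" ]; then
        echo "FAIL passive range $lo-$hi is outside security group range $sg_min-$sg_max"
        rc=1
    fi
    case "$(conf_get "$f" pasv_address '')" in
        ''|'<'*) echo "FAIL pasv_address is unset or still the placeholder"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: Step 3 applied with the pasv_address placeholder left in,
# and Step 5 not yet done (chroot_local_user still commented out).
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
#chroot_local_user=YES
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<Public IP of your instance>
EOF

# 1024 and 1048 are the security group range opened in Step 2.
audit_vsftpd "$sample" 1024 1048 || echo "audit: findings listed above"
```

On the instance, point it at the real file: audit_vsftpd /etc/vsftpd/vsftpd.conf 1024 1048.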

Step 6 — Change / set the user’s FTP home directory & give group permissions

Enter the command below in the terminal to set the user’s home directory (in this case our awsftpuser user; replace this with your actual username!). In this example, I’m saying that httpd is the user’s root.

sudo usermod -d /etc/httpd/ awsftpuser

Then, make sure awsftpuser is part of the group which owns the files in this folder, to allow them to upload/change/delete as you wish. To check the ownership of the files in your httpd folder, do the following.

cd /etc/httpd/        # navigate to the folder
ls -l

This outputs the permissions, owner and group for the files in this directory. In our case “root” is the group, which we need to assign to awsftpuser.

Now, to assign your user to the group, run the commands below, which also restart vsftpd.

usermod -a -G <your group name> awsftpuser
sudo systemctl restart vsftpd                 # restart vsftpd

NOTE: vsftpd doesn’t automatically start when your server boots. If you’re like me, that means that after rebooting your EC2 instance, you’ll feel a moment when FTP seems to be broken, but in reality, it’s just not running! To fix that, run the command below:

sudo chkconfig --level 345 vsftpd on

Facing issues accessing FTP?

If you are facing issues while copying files to the FTP server or logging in to FTP, try the solution below:

The vsftpd version that comes with Ubuntu 12.04 Precise does not permit chrooted local users to write by default. By default, you will have this in /etc/vsftpd/vsftpd.conf:

chroot_local_user=YES
write_enable=YES

In order to allow local users to write, you need to add the following parameter:

allow_writeable_chroot=YES

All done! This should fix your issue. Now download FileZilla (for your Windows/Mac OS) and log in to your EC2 instance. The host is <yourpublicip>; then enter your FTP username and password.

For example, I’ve copied a sample file “variables.tf” to the instance and the same was copied.

Conclusion

We usually used to do this setup on a Windows machine, but this time we have set up FTP on AWS EC2. Now we can share files/folders and create/modify them accordingly.