vsftp FTP server backed by s3 bucket w/ anonymous read-only access

setup.sh

# install packages
sudo apt-get update && sudo apt-get -y upgrade
sudo apt-get install -y s3fs vsftpd

# start vsftpd on boot
sudo systemctl enable vsftpd

# add user to ftp group
sudo usermod -a -G ftp ubuntu

# configure s3fs (replace {key} & {secret} with your AWS credentials and {bucket} with your bucket name
echo {key}:{secret} | sudo tee /etc/passwd-s3fs
sudo chmod 600 /etc/passwd-s3fs
echo "s3fs#{bucket} /srv/ftp fuse _netdev,allow_other,umask=0022,uid=$(id -u root),gid=$(id -g ftp) 0 0" | sudo tee -a /etc/fstab 
sudo mount -a

# configure firewall
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 10090:10100/tcp

# configure vsftp
echo 'anonymous_enable=YES' | sudo tee -a /etc/vsftpd.conf
echo 'local_enable=NO' | sudo tee -a /etc/vsftpd.conf
echo 'write_enable=NO' | sudo tee -a /etc/vsftpd.conf
echo 'chroot_local_user=YES' | sudo tee -a /etc/vsftpd.conf
echo 'allow_writeable_chroot=YES' | sudo tee -a /etc/vsftpd.conf
echo 'pasv_enable=yes' | sudo tee -a /etc/vsftpd.conf
echo 'pasv_min_port=10090' | sudo tee -a /etc/vsftpd.conf
echo 'pasv_max_port=10100' | sudo tee -a /etc/vsftpd.conf
echo "pasv_address=$(curl http://169.254.169.254/latest/meta-data/public-ipv4/)" | sudo tee -a /etc/vsftpd.conf
echo 'seccomp_sandbox=NO' | sudo tee -a /etc/vsftpd.conf
echo 'listen_ipv6=NO' | sudo tee -a /etc/vsftpd.conf
echo 'listen=YES' | sudo tee -a /etc/vsftpd.conf
sudo systemctl restart vsftpd

Security group:

Type	Protocol	Port Range	Source
SSH	TCP	22	0.0.0.0/0
Custom TCP Rule	TCP	21	0.0.0.0/0
Custom TCP Rule	TCP	10090 - 10100	0.0.0.0/0
Custom TCP Rule	TCP	20	0.0.0.0/0