See Amazon tutorial: Getting Started with Amazon EC2 Linux Instances
See Amazon tutorial: Installing a LAMP Web Server on Amazon Linux
From the console or the AWS CLI, create new security group for FTP access and attach to EC2 instance (optional) or edit an existing security group attached to EC2 instance. Next, add new inbound rules to allow access via FTP ports.
Type | Protocol | Port Range | Source |
---|---|---|---|
Custom TCP Rule |
TCP |
20 - 21 |
0.0.0.0/0 |
Custom TCP Rule |
TCP |
1024 - 1048 |
0.0.0.0/0 |
Source
0.0.0.0/0
opens the port to any IPv4 address. To restrict access to a specific IP address, replace0.0.0.0/0
with your address, e.g.www.xxx.yyy.zzz/32
SSH into EC2 instance (tutorial) and install vsftpd:
$ sudo yum install vsftpd
Use Linux's nano
tool to open and edit vsftpd.conf
from the command line:
$ sudo nano /etc/vsftpd/vsftpd.conf
Change anonymous_enable
from YES
to NO
(optional). This will disable anonymous FTP users:
anonymous_enable=NO
Set chroot_local_user
to YES
(optional). This will restrict users to their home directories for security. This line may already exist but is commented out with #
:
chroot_local_user=YES
Add the following to the end of the file. Replace <YOUR_IP>
with the public IP of your EC2 instance:
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<YOUR_IP>
Change the default FTP upload folder (optional). Add the following to the end of the file:
local_root=/var/www/html
Note that you may need to use chmod
to change file permissions and allow FTP users to read and write to this folder:
$ sudo find /var/www/html -type d -exec chmod 777 {} \;
Start vsftpd service:
$ sudo /etc/init.d/vsftpd start
Set vsftpd service to automatically run when restarting server:
$ sudo chkconfig --level 345 vsftpd on
Add FTP user with adduser
. Replace <USERNAME>
with the new username to be added:
$ sudo adduser <USERNAME>
Add password for user with passwd
:
$ sudo passwd <USERNAME>
Restrict user's access to a specific folder (optional). Restrict access to folder then add to www
group to allow access to /var/www
folder:
$ sudo usermod -d /var/www/html <USERNAME>
$ sudo usermod -a -G www <USERNAME>
Restrict users to a folder of their own name (optional). With this setup, test-user
can only write to /var/www/html/test-user
. Define a variable for the username then change the local_root
to reflect the desired path:
$ sudo nano /etc/vsftpd/vsftpd.conf
user_sub_token=$USER
local_root=/var/www/html/$USER
$ sudo /etc/init.d/vsftpd restart