This example uses two instances in a public subnet. Their security group allows port 21 and ports 10000-10001.

Creating the NLB and Target Group

 
  $ aws elbv2 create-load-balancer --name Passive-FTP --type network --subnet-mappings SubnetId=subnet-7bcb5832,AllocationId=eipalloc-0e20f30bbaa5fc9e0
  $ aws elbv2 create-target-group --name passive-targets --protocol TCP --port 21 --vpc-id vpc-73ba9814
  $ aws elbv2 register-targets --target-group-arn arn:aws:elasticloadbalancing:us-west-2:179741345863:targetgroup/passive-targets/5def41ec1b0b2f79 --targets Id=i-0806918fcbf44caea Id=i-0914a349f1041212e
  $ aws elbv2 create-listener --load-balancer-arn arn:aws:elasticloadbalancing:us-west-2:179741345863:loadbalancer/net/Passive-FTP/073e60e761f72d17 --protocol TCP --port 21 --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-west-2:179741345863:targetgroup/passive-targets/5def41ec1b0b2f79
 

Setting up VSFTPD user

 
  $ sudo useradd ftpuser
  $ sudo passwd ftpuser
  $ sudo mkdir /var/ftp/ftpuser
  $ sudo chown -R ftpuser:ftpuser /var/ftp/ftpuser
  $ sudo cat vsftpd.chroot_list 
  ftpuser
 

VSFTPD configuration

 
  Instance1:
  pam_service_name=vsftpd
  userlist_enable=YES
  tcp_wrappers=YES
  pasv_enable=YES
  pasv_max_port=10001
  pasv_min_port=10000
  pasv_address=34.212.163.19
  chroot_local_user=YES
  chroot_list_enable=YES
  chroot_list_file=/etc/vsftpd.chroot_list
 
 
  Instance2:
  pam_service_name=vsftpd
  userlist_enable=YES
  tcp_wrappers=YES
  pasv_enable=YES
  pasv_max_port=10001
  pasv_min_port=10000
  pasv_address=34.217.195.78
  chroot_local_user=YES
  chroot_list_enable=YES
  chroot_list_file=/etc/vsftpd.chroot_list
 

Connecting to the FTP

 
  $ ftp Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com
  Connected to Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com.
  220 (vsFTPd 2.2.2)
  Name (Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com:evan): ftpuser
  331 Please specify the password.
  Password:
  230 Login successful.
  Remote system type is UNIX.
  Using binary mode to transfer files.
  ftp> passive
  Passive mode on.
  ftp> ls
  227 Entering Passive Mode (34,217,195,78,39,17).
  150 Here comes the directory listing.
  226 Directory send OK.
  ftp> quit
  221 Goodbye.
 
 
  $ ftp Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com
  Connected to Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com.
  220 (vsFTPd 2.2.2)
  Name (Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com:evan): ftpuser
  331 Please specify the password.
  Password:
  230 Login successful.
  Remote system type is UNIX.
  Using binary mode to transfer files.
  ftp> passive
  Passive mode on.
  ftp> ls
  227 Entering Passive Mode (34,212,163,19,39,17).
  150 Here comes the directory listing.
  226 Directory send OK.
  ftp> quit
  221 Goodbye.
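
Checking the passive-mode replies

The following is an added example, not part of the original walkthrough. It decodes a 227 reply into address and port (port = p1*256 + p2, so 39,17 is 10001) and checks it against the pasv_address, pasv_min_port and pasv_max_port values from the configuration above. The function names and the 10.0.1.25 sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): decode a "227 Entering Passive
# Mode" reply and compare it with the pasv_* values from the vsftpd config.
PASV_MIN_PORT=10000                         # pasv_min_port
PASV_MAX_PORT=10001                         # pasv_max_port
BACKEND_IPS="34.212.163.19 34.217.195.78"   # pasv_address of Instance1, Instance2

# decode_pasv REPLY -> prints "ip port"; returns 1 if the reply is malformed.
decode_pasv() {
  fields=$(printf '%s\n' "$1" | sed -n 's/^ *227 [^(]*(\([0-9,]*\)).*/\1/p')
  [ -n "$fields" ] || return 1
  old_ifs=$IFS; IFS=,
  set -- $fields                # split h1,h2,h3,h4,p1,p2 on commas
  IFS=$old_ifs
  [ "$#" -eq 6 ] || return 1
  for n in "$@"; do
    case $n in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
    [ "$n" -le 255 ] || return 1
  done
  echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"       # port = p1*256 + p2
}

# check_pasv REPLY -> prints a verdict; returns 0 only if the advertised
# endpoint is a configured backend address inside the passive port range.
check_pasv() {
  endpoint=$(decode_pasv "$1") || { echo "malformed"; return 2; }
  ip=${endpoint% *}; port=${endpoint#* }
  case " $BACKEND_IPS " in
    *" $ip "*) ;;
    *) echo "unexpected-address $ip:$port"; return 1 ;;
  esac
  if [ "$port" -lt "$PASV_MIN_PORT" ] || [ "$port" -gt "$PASV_MAX_PORT" ]; then
    echo "port-out-of-range $ip:$port"; return 1
  fi
  echo "ok $ip:$port"
}

# The two replies from the sessions above, then a constructed reply carrying a
# private address, as a server without pasv_address would advertise.
check_pasv '227 Entering Passive Mode (34,217,195,78,39,17).' || true
check_pasv '227 Entering Passive Mode (34,212,163,19,39,17).' || true
check_pasv '227 Entering Passive Mode (10,0,1,25,39,17).' || true
```

A reply that fails this check means the client will open its data connection to an address or port that the security group and pasv_* settings shown here do not cover.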