This example uses two instances in a public subnet whose security group allows inbound TCP on port 21 (the control connection) and on the passive data range 10000-10001. The NLB fronts only port 21; each instance advertises its own public IP for the passive data connection, so clients connect to the instance directly for data transfers.
Creating the NLB and Target Group
$ aws elbv2 create-load-balancer --name Passive-FTP --type network --subnet-mappings SubnetId=subnet-7bcb5832,AllocationId=eipalloc-0e20f30bbaa5fc9e0
$ aws elbv2 create-target-group --name passive-targets --protocol TCP --port 21 --vpc-id vpc-73ba9814
$ aws elbv2 register-targets --target-group-arn arn:aws:elasticloadbalancing:us-west-2:179741345863:targetgroup/passive-targets/5def41ec1b0b2f79 --targets Id=i-0806918fcbf44caea Id=i-0914a349f1041212e
$ aws elbv2 create-listener --load-balancer-arn arn:aws:elasticloadbalancing:us-west-2:179741345863:loadbalancer/net/Passive-FTP/073e60e761f72d17 --protocol TCP --port 21 --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-west-2:179741345863:targetgroup/passive-targets/5def41ec1b0b2f79
Setting up VSFTPD user
$ sudo useradd ftpuser
$ sudo passwd ftpuser
$ sudo mkdir /var/ftp/ftpuser
$ sudo chown -R ftpuser:ftpuser /var/ftp/ftpuser
$ sudo cat vsftpd.chroot_list
ftpuser
VSFTPD configuration
The two configurations differ only in pasv_address, which must be the public IP of the instance itself (not the NLB), and the passive port window pasv_min_port..pasv_max_port is kept to the same 10000-10001 range the security group opens. Note that with chroot_local_user=YES and chroot_list_enable=YES, the users listed in chroot_list_file are the ones exempted from the chroot, so ftpuser here is not confined to its home directory.
Instance1:
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_enable=YES
pasv_max_port=10001
pasv_min_port=10000
pasv_address=34.212.163.19
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Instance2:
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_enable=YES
pasv_max_port=10001
pasv_min_port=10000
pasv_address=34.217.195.78
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Connecting to the FTP server through the NLB
Two sessions are shown. The NLB hands each control connection to one of the instances, and the 227 reply carries that instance's own public IP and data port (p1*256+p2, here 39*256+17 = 10001), which is where the client opens the data connection.
$ ftp Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com
Connected to Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com.
220 (vsFTPd 2.2.2)
Name (Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com:evan): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (34,217,195,78,39,17).
150 Here comes the directory listing.
226 Directory send OK.
ftp> quit
221 Goodbye.
$ ftp Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com
Connected to Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com.
220 (vsFTPd 2.2.2)
Name (Passive-FTP-073e60e761f72d17.elb.us-west-2.amazonaws.com:evan): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (34,212,163,19,39,17).
150 Here comes the directory listing.
226 Directory send OK.
ftp> quit
221 Goodbye.
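As an added example (not from the original page), the following Python decodes the 227 reply shown above and checks that the advertised data endpoint is one of the known instance IPs and inside the pasv_min_port..pasv_max_port window the security group opens; a reply pointing anywhere else means the data connection would leave the design described here. The instance IPs and port range are taken from this page's configuration; the function names are my own.

```python
import re

# Known instance public IPs and passive port window, taken from the
# vsftpd configuration and security group described on this page.
ALLOWED_PASV_IPS = {"34.212.163.19", "34.217.195.78"}
PASV_PORT_RANGE = (10000, 10001)

# RFC 959 form: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Decode a 227 PASV reply into (ip, port); port is p1*256 + p2.
    Raises ValueError for anything that is not a well-formed 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("byte out of range in PASV reply: %r" % reply)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def check_pasv(reply, allowed_ips=ALLOWED_PASV_IPS, port_range=PASV_PORT_RANGE):
    """Return (ok, detail). ok is True only when the data endpoint is a known
    instance IP and within the passive port window the firewall permits."""
    ip, port = parse_pasv(reply)
    if ip not in allowed_ips:
        return False, "data endpoint %s is not a known instance" % ip
    lo, hi = port_range
    if not lo <= port <= hi:
        return False, "data port %d outside %d-%d" % (port, lo, hi)
    return True, "%s:%d" % (ip, port)


if __name__ == "__main__":
    # The two replies captured in the sessions above.
    for line in ("227 Entering Passive Mode (34,217,195,78,39,17).",
                 "227 Entering Passive Mode (34,212,163,19,39,17)."):
        print(line, "->", check_pasv(line))
```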