How To Setup AWS FTP Server on Windows EC2 using FileZilla

To setup and install an AWS FTP server in AWS, the easiest and quickest way is to install our FTP Server solution from the AWS marketplace. The image comes pre configured using a customized version of Filezilla FTP Server running on EC2 Windows server.  It will allow you to securely transfer files using encryption over FTPS / SSL.  Click on our links below to deploy to your AWS tenant

AWS FTP Server

Setup AWS FTP Server on Windows Server 2019

Setup AWS FTP Server on Windows Server 2016

Table of Contents

AWS FTP Server Video Tutorial

Getting Started with FileZilla FTP Server on AWS

This guide explains the steps required to get our secure FTP server solution running on Amazon AWS using our virtual machine image from the AWS marketplace.

 

Once your EC2 AWS VM has been deployed there are some post configuration steps to complete to start using the FTP Server (FileZilla FTP Server).

Login to AWS Instance

Login using the username Administrator.  To get the password, you will be able to retrieve this using the key pairs you generated during the AWS instance deployment.  Within the AWS console select Connect / RDP Client / Get Password“.

Launch Filezilla FTP Server Instance

Once you’ve logged into the server, Launch the Filezilla server instance app, found on the desktop.  On the launch screen press connect as shown below (password is blank):

FTP Server Passive Mode

You should now be connected. You may see connection errors and NAT errors, this is normal as we need to complete some configuration.  From the menu select

Edit > Settings > Passive Mode Settings.

 

You’ll need to set a passive mode port range. Usually (50000-51000). These ports are used for data transfers to the server.

 

Set Public IP Address

For this next part you’ll need to make sure the VM has a public IP address to allow external clients to connect as shown in yellow. 

 

From the AWS console, select the VM instance and under Descriptionyou will see the public IP address and public DNS hostname:

Once you have a public IP address associated with your AWS VM, add the IP address to the passive mode settings, as shown below, highlighted in yellow and also the passive port range:

Create Certificate (FTP over TLS)

The next step is to create a new private key and a self signed certificate, needed by FileZilla server to accept TLS connections. 

 

Within the FileZilla server options, click on SSL/TLS settings.  Check the Enable FTP over TLS support (FTPS).

 

Next click on Generate New CertificateFill in your company information.

IMPORTANT – In the common name (Server address) field make sure to add the public IP address or public DNS hostname of your AWS instance VM. 

 

Save the key locally on the server and then press Generate certificate.  No need to add a password.

Setup FTP Server Users

There are 2 options:

 

  1. Create local users and assign access.
  2. Integrate Active Directory and allow users to use their domain logins to authenticate.

Option 1 - Create Local Users and assign FTP access

To setup local users and give access to directories locally on your server navigate to Edit > Users

 

Here you can add users and generate their passwords.

 

Then give the users access to your local folders you would like them to have access to.  Setup as many folders as you like.  Groups can also be setup and permissions applied at a group level.

Option 2 - Active Directory Integrated

Open settings > LDAP and select enable LDAP support Beta.

 

Add your private IP address of your local domain controller. Add Port 389 and write the name of your domain name.

 

Select Enable TLS/SSL

Next you need to add the users who need access to your FTP directories. 

 

Select Edit > Users and here you’ll need to add the users full UPN that they use to logon to AD, for example if their name is jsmith@yourdomain.com or yourdomain\jsmith we need to make sure we add this so it matches their login UPN jsmith@yourdomain.com. We don’t need to add their password here as it authenticates against Active Directory, so make sure the password checkbox is unchecked.

 

Next check the boxes LOCAL and LDAP as in the screenshot below.

 

In the screenshot below I’ve added a test user from our AD called ftpuser and our AD domain is called yourdomain.com

Next is to assign these users to your FTP directories they need access to. Click on Shared Folders within the Users menu and add the local folders and assign permissions they need:

Now would be a good time to test if you can connect using an FTP client.  If you can’t connect, try the next step and to configure any AWS Firewall rules.

AWS FTP Server Firewall Ports

If you have AWS firewall rules / security groups or any firewall appliances in AWS you will need to open access to the following ports:

 

  • Port: 21 (Used for FTP)
  • Port: 990 (Used for FTPS)
  • Passive Port Range: 50000 – 51000 (Used for data transfer).

 

To setup AWS firewall rules refer to – AWS Security Groups

 

During the instance deployment from the AWS marketplace the security groups will automatically be setup with the required firewall ports above. If however you need to manually set these up, you can do this via the AWS console, open up Security Groups under Networking & Security. Click on Create Security Group:

Add the required firewall ports:

Next you will need to assign this new security group to your FTP Server VM.

 

From instances in the AWS console, select your VM and click Actions / Networking / Change Security Groups and assign the security group to your VM.

Client FTP Software

To allow clients to connect, users can use any FTP client.  You can use FileZillas FTP Client

AWS FTP Server Support

Any other questions about the setup of the VM in Amazon AWS, leave your comments below.

Disclaimer: This FTP server solution is built using a modified version of Filezilla server opensource software. This solution is provided under GPLv2 license. The respective trademarks mentioned in the offering are owned by the respective companies. No warrantee of any kind, express or implied, is included with this software.


– Use at your risk, responsibility for damages (if any) to anyone resulting from the use of this software rest entirely with the user.
– The author is not responsible for any damage that its use could cause.

Avatar for Andrew Fitzgerald
Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud

0 0 votes
Article Rating
Subscribe
Notify of
2 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Ananta Bhandari

how much speed can i get?

2
0
Would love your thoughts, please comment.x
()
x