In your /etc/vsftpd.conf add: pasv_min_port=10000 pasv_max_port=10024 pasv_address=1.2.3.4 (Where 1.2.3.4 is your external public IP address.) Then: ec2-authorize default -p 20-21 ec2-authorize default -p 10000-10024 and restart vsftpd. What this does is configure vsftpd to use ports 10000-10024 for passive data transfers. Then ec2-authorize opens ports 20-21 and 10000-10024 for active and passive connections. I was [...]