Connecting from an Amazon EC2 host

February 9, 2021 in Website Backup

Since CodeGuard is hosted within Amazon's EC2 infrastructure, there are a few unique challenges when attempting to backup websites that are also hosted on EC2 servers. Below are some of the common issues and solutions.

1. Your EC2 security group is restricting access to the port used for FTP (21 by default, 22 for SFTP). If that is the case and you do not want to leave this port exposed, then you can add the range of IP addresses we may connect from: Whitelist FTP IPs.

2. The port range needed for passive FTP data connections is blocked by a firewall or security group setting. In addition to port 21, passive FTP also requires additional ports for data transfer. This range of ports (usually something like 50000-50100) will be specified in your FTP server configuration and will just need to be added to your security group.

3. The host address or IP configured in the FTP/SFTP server is the internal amazon IP (10.x.x.x) and not the external IP address. If this is the case, the FTP server will instruct us to try and open a data connection back to the 10.x.x.x which we are not able to do. The solution here is to configure the FTP/SFTP server to use your Elastic IP address.