Install awscli locally. In this case with brew on a mac:

brew install awscli

Configure the cli:

aws configure

AWS Access Key ID: IAM credential with necessary access
AWS Secret Access Key: IAM credential with necessary access
Default region name: e.g. eu-west-1
Default output format [None]: Leave as none

Now export all instances in this region to csv file:

aws ec2 describe-instances --output text --query 'Reservations[*].Instances[*].[InstanceId, InstanceType, ImageId, State.Name, LaunchTime, Placement.AvailabilityZone, Placement.Tenancy, PrivateIpAddress, PrivateDnsName, PublicDnsName, [Tags[?Key==`Name`].Value] [0][0], [Tags[?Key==`purpose`].Value] [0][0], [Tags[?Key==`environment`].Value] [0][0], [Tags[?Key==`team`].Value] [0][0] ]' > instances.csv

1. Find where Java lives:

which java

2. Set JAVA_HOME:

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-2.b11.30.amzn1.x86_64/

3. Set the Java path:

export PATH=$PATH:$JAVA_HOME

4. Confirm path is set (as above) correctly:

echo $JAVA_HOME

1. Install mod_ssl and python

yum -y install mod_ssl python26-virtualenv

2. Change into /opt and clone letsencypt

cd /opt

git clone https://github.com/certbot/certbot letsencrypt

3. Run letsencrypt

/opt/letsencrypt/letsencrypt-auto --debug

Select relevant options when prompted.

4. Setup auto-renew

Auto-renew certificates every Sunday at 6pm:

crontab -e
# Renew Let's Encrypt certificates at 6pm every Sunday
0 18 * * 0 root (/opt/letsencrypt/certbot-auto renew && service httpd restart)

Simple steps to ensure Pure-FTPd works on an EC2 instance:

1. Enable passive mode

sudo echo "50000 50100" > /etc/pure-ftpd/conf/PassivePortRange

2. Allow access to Public IP

sudo echo "public_ip" > /etc/pure-ftpd/conf/ForcePassiveIP

3. AWS Security Groups

Allow ports 50000 – 50100 to be open to anywhere

4. Restart Pure FTPd

sudo /etc/init.d/pure-ftpd restart

5. Test FTP access

After installing WHM on EC2 I started to setup the individual CPanel accounts with FTP accounts.

When trying to connect via FTP with a new account I got the following error with Filezilla:

‘Failed to Retrieve Directory Listing’

From carrying out some research it turns out that a range of passive ports need to be added to your Security Group. To find the passive port range used by Pure-FTP, shell into the servers and run the following:

vim /etc/pure-ftpd.conf

Search for Passive and you should see (version 60 of WHM):

PassivePortRange 49152 65534

Add this port range (49152 – 65534) to your Security Group and test with FileZilla.

* Make sure ForcePassiveIP is set to the correct external IP

**Try to lock down the passive port range to an IP range where possible