FTP on AWS using ALB

Question

Hi All, I'm currently working on a Lift & Shift program. We have an existing FTP server in DC which needs to be moved to AWS. We proposed a solution by keeping the FTP server in a private subnet and exposed using an NLB(elastic IP assigned) which is provsioned in a public subnet. One of the reviewers made a comment about going for an AWS ALB and keep a WAF infront of this to protect. Existing proposal is to protect using NACL at Subnet level and SG at instance level.

Is it advisable to use an ALB to meet this requirement?

Thanks Suhas

Is it advisable to use an ALB to meet this requirement?

Thanks
Suhas

Accepted Answer

Hello.  
ALB is a load balancer that operates at Layer 7.  
Only HTTP and HTTPS can be used as ALB protocols.  
Therefore, it is not possible to set ALB at the front of the FTP server.  
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

It is also not recommended to FTP to the public.  
If you do, we recommend using Site to Site VPN or Client VPN to encrypt your communications.  
Setting up a VPN allows connections using private IP addresses.  
https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html  
https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html

Answer

Thanks Riku for your response on this, this is my understanding as well. In this case we can't have a site to site VPN -  there are solutions under review to replace this legacy solution.

FTP on AWS using ALB

相關內容