One of the data providers only offers transfer to an FTP server.
To test the connection I started an FTP server in a public subnet and opened port 21 in the Security Group. Unfortunately the data did not reach it, so I checked VPC Flow Logs and saw that, apart from port 21, there are other, different ports that need to be opened, but they change so often that I am not able to add all of them to the Security Group.
I want my FTP server in a private subnet and some sort of network interface to handle incoming connections.
Therefore I want to set up either a Network Load Balancer or an EC2 jump host (I need a bastion host because I don't want to assign an Elastic IP to another instance; just one with an Elastic IP and then the rest of the instances in a private subnet).
A Network Load Balancer has ports that it listens on; because there are a lot of ports and they change, I am not able to add them all. Is there a way to bypass this?
The second approach is to set up an EC2 bastion host that would accept all connections but forward what is on port 21.
Does this even make sense? Is there any pattern that is easier?
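As an added example (not from the question or the answer): a small Python script that does the VPC Flow Log triage the question describes, listing the rejected TCP destination ports on the FTP host's address so the passive-mode data range that a port-21-only Security Group drops becomes visible. The flow-log records, ENI id, account id and addresses are constructed, and the assumption is the default v2 flow-log format.

```python
"""Summarise which destination ports a VPC Flow Log shows reaching an FTP host.

Added example, not from the original post. Records are in the default VPC Flow
Log v2 format; the ENI id, account id, addresses and ports are constructed.
"""
from collections import Counter

# Constructed sample records, default v2 format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0abc1234 203.0.113.10 10.0.1.5 51234 21 6 12 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc1234 203.0.113.10 10.0.1.5 51235 49153 6 4 240 1700000001 1700000061 REJECT OK
2 123456789012 eni-0abc1234 203.0.113.10 10.0.1.5 51236 49160 6 4 240 1700000002 1700000062 REJECT OK
2 123456789012 eni-0abc1234 203.0.113.10 10.0.1.5 51237 49170 6 4 240 1700000003 1700000063 REJECT OK
2 123456789012 eni-0abc1234 198.51.100.7 10.0.1.5 40000 22 6 20 1500 1700000004 1700000064 ACCEPT OK
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_flow_log(text):
    """Yield one dict per record; skip malformed lines and NODATA/SKIPDATA."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            yield rec

def ports_by_action(text, dst_host, proto="6"):
    """Map action -> Counter of destination ports hit on dst_host (TCP by default)."""
    out = {}
    for rec in parse_flow_log(text):
        if rec["dstaddr"] != dst_host or rec["protocol"] != proto:
            continue
        out.setdefault(rec["action"], Counter())[int(rec["dstport"])] += 1
    return out

def rejected_data_ports(text, dst_host, control_port=21):
    """Rejected TCP ports other than the control port: these are the passive-mode
    data connections that a Security Group allowing only port 21 drops. The
    usual fix is to pin the server's passive port range and allow just that
    range from the provider's address, instead of chasing changing ports."""
    rej = ports_by_action(text, dst_host).get("REJECT", Counter())
    return sorted(p for p in rej if p != control_port)

if __name__ == "__main__":
    print("rejected FTP data ports:", rejected_data_ports(SAMPLE_LOG, "10.0.1.5"))
```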
If you have any amount of choice of approach, commit to SFTP instead; the last time I saw it, it did do its job, exactly through a bastion in a setup similar to yours.
https://dev.to/tanmaygi/how-to-create-a-sftp-server-on-ec2centosubuntu--1f0m