server room (by Manuel Geissinger)

Access your WordPress EC2 Instance via SFTP

Three times now I had forgotten how to connect to my WordPress instance via an FTP-client. So I need to write down how it works, as long as my memories are fresh.

What I have:

  • AWS (Amazon Web Services) account
  • EC2 instance on AWS
  • WordPress on that EC2 instance (bitnami)

What I want:

  • Connect to the server/instance via SFTP,
  • so that I can get access to the files on my server.

What I need:

  • access to my AWS-dashboard
  • a security user group (on AWS)
  • the access-key-pair-file (.pem) of my EC2 instance
  • the AMI (Amazon Machine Image) user-name
  • an FTP-client

Let’s begin!

Do I have an FTP-client like FileZilla?
Yes: Good! You’ll need it later.
NO: Get one. You’ll need it later. FileZilla is free of charge and is available here: https://filezilla-project.org/

Do I have access to my AWS dashboard in the browser?

  • YES: Login to the AWS-Console/Dashboard.
  • NO: Stop here and contact AWS support to regain access.

Do I have a running AWS instance with WordPress on it?

  • YES: On the AWS Console: Navigate to Services -> EC2 -> Running Instances. Click on the instance that runs the WordPress site.
  • NO: If you like to host a WordPress Site I suggest this tutorial: https://aws.amazon.com/de/getting-started/tutorials/launch-a-wordpress-website/. Make sure to either use an existing KeyPair when you launch the instance or create a new KeyPair. DOWNLOAD, SAVE the KeyPair.pem file AND REMEMBER WHERE YOU SAVED IT!!!

So you are looking at your instance summary. Check which KeyPair name is associated with your instance:

You know where the .pem file with that name (My_KeyPair_Name.pem) resides on your computer?

  • YES: Very good. Open your FTP-client (e.g. FileZilla).
  • NO: Very unfortunate. You might not get direct access to that EC2 instance anymore. A work around is to copy your instance as an AMI (Amazon Machine Image). Initialize a new EC2 instance, using that image. Disable the old instance. Here is a discussion on how to do that. (This time: REALLY REMEMBER AND SAVE THE keyPair.pem FILE).

In the AWS EC2 dashboard, navigate to NETWORK & SECURITY -> Security Groups

aws Security Groups dashboard

Check the Inbound tab. You need port 22 (SSH) activated. If it is not already there you can add SSH by clicking on Edit -> Add Rule -> and choose SSH from the dropdown. The port defaults to 22 automatically. You have to choose a source. You could use anywhere (0.0.0.0/0). But this means every computer that has your KeyPair can access your server/instance remotely. This is not ideal. BETTER: choose My IP (some-ip-address). You don’t have to know your IP address. It gets filled out automatically. Now only your computer has access to the instance. After doing the above, your inbound settings should look something like this:

aws security group settings for SSH

FANTASTIC! That was actually the most critical part.


Now open FileZilla on your computer. Navigate to Settings (a window pops up). Click on SFTP (under Connections). Which looks like this:

FileZilla SFTP Settings to add a keyfile

There is a button to add a KeyFile with. Remember that My_KeyPair_name.pem file? Good!
Click the Add keyfile… button, go to the directory where you stored the downloaded .pem file. Choose it. (There might be some conversion happening but this is so far in the past that I don’t remember). If so, let it convert the file. And click OK.

Almost done! In the top left corner of the FileZilla user interface you can spot an icon that looks like three server-machines, wired together.

FileZilla site manager icon

That is the site manager. Click on the site-manager-icon. A new window pops open.

In the main settings (which should already been chosen by default):

  • Check that SFTP is chosen as protocol.
  • In the server-field: type your public IP address. You can find it in the AWS EC2 instance dashboard on the right of the instance summary.
aws EC2 instance summary public IP address
  • Leave port empty (it should default to 22 on it’s own).
  • As Logon type choose ask for password. (once you do get asked for one, simply press ok, without typing any password).
  • The user name is based on the operating system’s distribution. Meaning: it can be root, ec2-user, ubuntu, etc. A list of some very common ssh user-names to connect to EC2 can be found here. In my case btw. ubuntu works (the WordPress site runs on an Ubuntu server). But bitnami also works. Which is the stack of the site and seems to be added as an alias for ubuntu.
  • Leave password empty. The window should look similar to this:
  • Click Connect. FileZilla should automatically find the right keyfile. And – like I already mentioned – if you get asked for a password, just click ok. FileZilla should now connect to your server, which means that on the right side of the FileZilla user interface a bunch of folders will magically appear.

Am I connected and do I see my server files on the right?

  • NO: Very sorry, that this blog wasn’t any help….don’t really have any suggestions other than Stackoverflow, Google and patience.
  • YES: FANTABULOUS! We made it! I am very very happy if this blog was helpful to you (which might be myself…again).

If you liked this post or want to hint something, please feel free to share it on social media or send me an email.

Sp├Ąters

niilz