The deployment of vsftpd as a service to ECS appears to work as expected...an FTP client can connect to the container using the Public IP listed in ECS > Clusters > Services > Tasks > Networking.
Instead of using the Public IP, the goal is to use a load balancer to map a subdomain to the ECS instance.
Currently trying to use a Network Load Balancer so that we can map TCP ports (ALB only offers HTTP ports, as I understand it).
Target groups are configured with 5 TCP ports (IP target type & IPv4 address type)
The Network Load Balancer is configured with 5 listeners that map 5 TLS ports (using an ACM certificate) to forward to the above target groups.
The internet-facing IPv4 NLB times out when I try to connect using an FTP client.
I've checked/confirmed the Security Groups and Subnet (repeatedly) and can't find the issue.
~~What am I missing?~~
UPDATE
FTP is not supported by NLB - https://repost.aws/questions/QUZyDFPN-gSpK87wiBOLEN1A/aws-network-load-balancer-in-front-of-ecs-service-running-vsftpd-not-working