Making Passive or PASV mode work with VSFTPD

Below is a configuration that I used to get VSFTPD working in passive mode on an AWS Red Hat 7 instance. The key change that allowed me to make this work was switching listen_ipv6 to listen. For some reason passive would not work until that was done. It is supposed to support both protocols in the IPv6 mode, but it does not seem to play well with passive mode. I will also point out that I had to open all the ports below on my AWS security group and the Red Hat firewall. Also make sure that you configure or disable SELinux. SELinux will not allow VSFTPD to function in its default state.

listen=YES
#listen_ipv6=YES
connect_from_port_20=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_enable=YES
pasv_max_port=10100
pasv_min_port=10090
port_enable=YES
allow_writeable_chroot=YES
pasv_address=[Your Elastic IP Here]
pasv_addr_resolve=NO
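A small consistency check for the passive-mode settings above, added here as an example and not part of the original post. It reports conflicting options and returns the exact TCP ports that the security group and host firewall need to allow, so nothing wider gets opened. The function names are hypothetical and the pasv_address value is a constructed documentation IP standing in for the Elastic IP.

```python
import ipaddress

# The page's passive-mode settings; pasv_address is a constructed documentation IP.
PAGE_CONF = """\
listen=YES
#listen_ipv6=YES
pasv_enable=YES
pasv_max_port=10100
pasv_min_port=10090
pasv_address=203.0.113.10
pasv_addr_resolve=NO
"""

def parse_conf(text):
    """Parse vsftpd.conf text into a dict, skipping comments and blank lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def check_passive(opts):
    """Return (problems, tcp_ports_to_allow) for the passive-mode settings."""
    def yes(key, default="NO"):
        return opts.get(key, default).upper() == "YES"

    problems = []
    if yes("listen") and yes("listen_ipv6"):
        problems.append("listen and listen_ipv6 are mutually exclusive")
    if not yes("pasv_enable", "YES"):  # vsftpd defaults pasv_enable to YES
        problems.append("pasv_enable is not YES")
    lo = int(opts.get("pasv_min_port", 0))
    hi = int(opts.get("pasv_max_port", 0))
    if lo == 0 or hi == 0:  # 0 means "any port", which cannot be firewalled tightly
        problems.append("set both pasv_min_port and pasv_max_port")
    elif lo > hi:
        problems.append("pasv_min_port is greater than pasv_max_port")
    addr = opts.get("pasv_address")
    if addr and not yes("pasv_addr_resolve"):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append("pasv_address must be a numeric IP unless pasv_addr_resolve=YES")
    ports = {"control": int(opts.get("listen_port", 21)), "passive": (lo, hi)}
    return problems, ports

if __name__ == "__main__":
    print(check_passive(parse_conf(PAGE_CONF)))
```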
