Notes on getting Neo4j Running from Community AWS AMI

I have been trying to get any Neo4j instance running in the cloud so I can work on my software. Today I finally got a Neo4j 4.0.5 Single instance running on AWS. It wasn't easy, and none of the instructions I could find were exactly correct (including the directions in the AMI itself). So I am including some notes here in hopes that others will not have the troubles I had. Also, perhaps someone can fix the instructions elsewhere, or maybe better yet provide some better installation/automation scripts so people can get things installed more easily.

  1. I started an AWS EC2 instance using the AMI provided by Neo4j for version 4.0.5. The machine starts without issue and I can easily SSH into it.
  2. If you try to go to the URL at port 7473, you get the invalid cert error as expected. If you accept the cert you will still not be able to log in because of the bolt port (7687). There are a number of places that say you can simply go to your host with port 7687 and then accept the cert on that port. I could not get that to work.
  3. Next I started the process of getting a real cert. I was following @david_allen's article: Getting Certificates for Neo4j with LetsEncrypt | by David Allen | Neo4j Developer Blog | Medium

However, there were some issues in that article.
Before I could start using that article, I had to take some AWS-specific steps.
First I went to Route 53 and set up an A record to point my desired hostname to the IP address of my EC2 instance. Then I modified the security group for my neo4j instance to allow port 80.

Now I began following David's steps and ran into the following issues (These have since been fixed):
mkdir $certsource/trusted
must actually be:
sudo mkdir $certsource/trusted

and
systemctl restart neo4j
should be:
sudo systemctl restart neo4j

When I did the work, I made a copy/paste error and nothing was working. (I was getting Connection Refused).
The logs for neo4j were in:
/var/log/debug.log
However, there was nothing there. So I looked at ps and saw that there were no neo4j processes running, and there was no error message when I had run sudo systemctl restart neo4j.
The output logs for systemctl are in /var/syslog. They were quite detailed and quickly led me to the copy and paste mistake I made.

So I could access the control panel on port 7473 and I excitedly typed in neo4j as the user and my instance id as the password and I was rewarded with "Authentication Error". It ends up the documentation is incorrect and the default password was neo4j.

Now everything was running and I could access my neo4j instance running in AWS on EC2.

When I first connected my Python Code to the Instance I received:

Connection closed without handshake response
The issue there was that I did not have the encrypted=True parameter passed properly in my GraphDatabase.driver call.

Thanks for taking the time to write this up.

The sudo errors you noted in the LetsEncrypt article I just fixed and re-published after reading your post.

> my instance id as the password and I was rewarded with "Authentication Error". It ends up the documentation is incorrect and the default password was neo4j.

A problem from my perspective is cataloging for users the various methods you can use to launch these AMIs. You see a lot of optionality because it can be done many ways. In this instance -- the raw AMI has a default password of neo4j. I'm not sure which documentation you were looking at, but indeed some of the docs do say that the password is the instanceID. To the best of my memory, that applies to when you launch it via the provided CloudFormation templates. (The logic that changes the password is there.) If you launch from the raw AMI located in the catalog, that won't be the case.

The same may be the situation with port 7687. We have multiple docs in places that indicate how to open 7687 and that it needs to be open -- but it's possible you followed a path where that wasn't made clear.

If you have any other feedback please do let us know and we'll improve the documentation where we can.