
AWS EC2 Neo4J VM ignoring Tags

lhumphreys
Node Link

Hi!

I followed this documentation (Deploy to Amazon EC2: Host a Single Instance of Neo4j on AWS - Developer Guides) to create an EC2 instance from the Neo4J AMI. This worked great, no problem.

Now I have put a Network Load Balancer in front of the instance, with the following routing:
(LB listener) TLS :443 -> TCP :7474 (target group)
(LB listener) TCP :7687 -> TCP :7687 (target group)

And, finally, I have a Route53 CNAME pointing to the Network Load Balancer.

This gets me 90% of the way there as the DNS resolves, the ports map fine, and my browser loads up the neo4j app.

The final hurdle is Bolt: when I curl the root, it returns:

{
    "bolt_direct": "bolt://10.13.7.14:7687",
    "bolt_routing": "neo4j://10.13.7.14:7687",
    "neo4j_edition": "community",
    "neo4j_version": "4.1.1",
    "transaction": "http://10.13.7.14:7474/db/{databaseName}/tx"
}

This is no good, those IPs should be the DNS name! To try to fix this, I followed this documentation (Neo4j cloud VMs - Operations Manual), but the instance ignores any configuration set that way (yes, I did reboot it a bunch of times after setting the tags, and yes, the tags are correctly formatted by replacing dots with underscores).

Why is the instance ignoring the tag based configuration?

2 REPLIES

lhumphreys
Node Link

For full disclosure, the EC2 instance tags are:

{
  Owner : "Liam Humphreys",
  Environment : "Dev",
  Project : "My Project",
  Name : "Neo4J 2019 Ingest",
  dbms_default_advertised_address : "my.app.dns.com"
}

And the instance AMI is neo4j-community-1-4.1.1-apoc 2020-09-02T11_13_31Z (ami-091a5df90129a9e14)

OK, I SSH'd to the instance and ran commands from pre-neo4j.sh to try to work out what was going wrong. It turns out the instance needs an instance profile in order to query metadata such as tags. Seems obvious now! This should ideally be added to the documentation.

A small issue remains: after attaching an instance profile, setting the tags, and rebooting the instance, the Neo4J HTTP root returns:

{
    "bolt_direct": "bolt://my.app.dns.com:7687",
    "bolt_routing": "neo4j://my.app.dns.com:7687",
    "neo4j_edition": "community",
    "neo4j_version": "4.1.1",
    "transaction": "http://10.13.1.236:7474/db/{databaseName}/tx"
}

The transaction field is still pointing to the private IP. I'm yet to discover how this impacts users, but it probably isn't good!
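
The instance profile mentioned above is what gives the instance credentials to call AWS APIs. As an added example (not part of the original thread and not Neo4j's code), the sketch below reviews the profile's role policy for least privilege, assuming the startup script reads tags through the EC2 `DescribeTags` API. The sample policies and function names are constructed for illustration, and Deny statements, `NotAction` and conditions are ignored.

```python
import fnmatch

NEEDED = "ec2:DescribeTags"  # assumption: the API call behind the tag lookup

# Constructed sample policies, not taken from the thread.
MINIMAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # DescribeTags has no resource-level permissions, so Resource is "*".
        {"Effect": "Allow", "Action": "ec2:DescribeTags", "Resource": "*"}
    ],
}
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}
UNRELATED_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"},
}


def _as_list(value):
    # IAM allows a single object or string where a list is also valid.
    return value if isinstance(value, list) else [value]


def allowed_actions(policy):
    """Collect the action patterns of every Allow statement."""
    patterns = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns.extend(_as_list(stmt["Action"]))
    return patterns


def review(policy):
    """Report whether tags are readable and which grants go beyond that."""
    patterns = allowed_actions(policy)
    # IAM action names are case-insensitive and support * and ? wildcards.
    can_read = any(
        fnmatch.fnmatchcase(NEEDED.lower(), p.lower()) for p in patterns
    )
    excess = sorted(p for p in patterns if p.lower() != NEEDED.lower())
    return {"can_read_tags": can_read, "excess": excess}


if __name__ == "__main__":
    for name in ("MINIMAL_POLICY", "BROAD_POLICY", "UNRELATED_POLICY"):
        print(name, review(globals()[name]))
```

A policy that reports `can_read_tags: False` reproduces the symptom in the thread (tags silently ignored), while a non-empty `excess` list means the instance holds more permissions than the tag lookup needs.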
