AWS EC2 Neo4j VM ignoring Tags

Hi!

I followed this documentation (Deploy to Amazon EC2: Host a Single Instance of Neo4j on AWS - Developer Guides) to create an EC2 instance from the Neo4j AMI. This worked great, no problem.

Now I have put a Network Load Balancer in front of the instance, with the following routing:
(LB listener) TLS :443 -> TCP :7474 (target group)
(LB listener) TCP :7687 -> TCP :7687 (target group)

And, finally, I have a Route53 CNAME pointing to the Network Load Balancer.

This gets me 90% of the way there as the DNS resolves, the ports map fine, and my browser loads up the neo4j app.

The final hurdle is Bolt: when I curl the root, it returns:

{
    "bolt_direct": "bolt://10.13.7.14:7687",
    "bolt_routing": "neo4j://10.13.7.14:7687",
    "neo4j_edition": "community",
    "neo4j_version": "4.1.1",
    "transaction": "http://10.13.7.14:7474/db/{databaseName}/tx"
}

This is no good; those IPs should be the DNS name! To try to fix this, I followed this documentation (Neo4j cloud VMs - Operations Manual), but the instance ignores any configuration set that way (yes, I did reboot it a bunch of times after setting the tags, and yes, the tags are correctly formatted by replacing dots with underscores).

Why is the instance ignoring the tag based configuration?

For full disclosure, the EC2 instance tags are:

{
  Owner : "Liam Humphreys",
  Environment : "Dev",
  Project : "My Project",
  Name : "Neo4J 2019 Ingest",
  dbms_default_advertised_address : "my.app.dns.com"
}

And the instance AMI is neo4j-community-1-4.1.1-apoc 2020-09-02T11_13_31Z (ami-091a5df90129a9e14)

OK, I SSH'd to the instance and ran commands from the pre-neo4j.sh to try to work out what was going wrong. It turns out the instance needs an instance profile in order to query metadata such as tags. Seems obvious now! This should ideally be added to the documentation.

A small issue remains: after attaching an instance profile, setting the tags, and rebooting the instance, the Neo4j HTTP root returns:

{
    "bolt_direct": "bolt://my.app.dns.com:7687",
    "bolt_routing": "neo4j://my.app.dns.com:7687",
    "neo4j_edition": "community",
    "neo4j_version": "4.1.1",
    "transaction": "http://10.13.1.236:7474/db/{databaseName}/tx"
}

The transaction field is still pointing to the private IP. I'm yet to discover how this impacts users, but it probably isn't good!
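
The check done by eye on the two discovery responses above can be automated; the following is an added example, not part of the original post. It audits a discovery document for endpoint fields that still advertise an internal address instead of the expected DNS name, using the two responses quoted in the post as sample input. The function and constant names are hypothetical.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Discovery fields whose value is an address that clients will connect to.
ENDPOINT_FIELDS = ("bolt_direct", "bolt_routing", "transaction")

# Sample input: the two discovery responses quoted in the post.
BEFORE = json.loads("""{
  "bolt_direct": "bolt://10.13.7.14:7687",
  "bolt_routing": "neo4j://10.13.7.14:7687",
  "neo4j_edition": "community", "neo4j_version": "4.1.1",
  "transaction": "http://10.13.7.14:7474/db/{databaseName}/tx"}""")
AFTER = json.loads("""{
  "bolt_direct": "bolt://my.app.dns.com:7687",
  "bolt_routing": "neo4j://my.app.dns.com:7687",
  "neo4j_edition": "community", "neo4j_version": "4.1.1",
  "transaction": "http://10.13.1.236:7474/db/{databaseName}/tx"}""")


def is_internal(host):
    """True if host is a literal private, loopback or link-local IP address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal, so it is a DNS name
    return ip.is_private or ip.is_loopback or ip.is_link_local


def audit_discovery(doc, expected_host):
    """Return {field: problem} for every endpoint not advertising expected_host."""
    findings = {}
    for field in ENDPOINT_FIELDS:
        uri = doc.get(field)
        if uri is None:
            continue  # field absent from this response
        host = urlsplit(uri).hostname
        if host is None:
            findings[field] = "no host in URI"
        elif is_internal(host):
            findings[field] = f"internal address {host}"
        elif host != expected_host.lower():
            findings[field] = f"unexpected host {host}"
    return findings


if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_discovery(doc, "my.app.dns.com"))
```

Run against a live instance, the same function can take the parsed JSON from the HTTP root and fail a deployment check when any finding is returned.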