Sold by: Lynxroute
Deployed on AWS
Free Trial
This product has charges associated with it for hardening, security configuration, and support.
Neo4j Community Edition is an open-source native graph database with the Cypher query language, the binary Bolt protocol, and the built-in Neo4j Browser web UI, running on OpenJDK 21. Unlike bare Neo4j AMIs that keep the default neo4j/neo4j password, expose unencrypted Bolt and HTTP on every interface, and ship no TLS, this Lynxroute build is ready out of the box: a random admin password set at first launch, native TLS on the Bolt port 7687 (encryption required) and the Neo4j Browser over HTTPS on port 7473 with a self-signed certificate, plain HTTP bound to localhost and firewalled, UFW pre-configured, and a CIS Level 1 hardened Ubuntu 24.04 LTS base.
GPL-3.0 license - fully auditable, no vendor lock-in.
Overview
This is a repackaged software product wherein additional charges apply for hardening, security configuration, and support.
WHAT IS NEO4J COMMUNITY EDITION
Neo4j Community Edition is an open-source native graph database written in Java that stores data as nodes and relationships instead of tables, making connected-data queries fast and expressive. It is queried with Cypher, Neo4j's declarative graph query language, over the binary Bolt protocol or an HTTP API, and ships with the Neo4j Browser - a built-in web workbench for running Cypher and visualizing the graph. The engine provides ACID transactions, index-free adjacency for constant-time traversals, native graph storage, schema constraints and indexes, and a procedure library. Typical uses include knowledge graphs, fraud detection, recommendation engines, network and IT operations mapping, and identity and access graphs. This AMI runs a single-node Community instance on OpenJDK 21, with the JVM heap and page cache sized to the instance at first launch. GPL-3.0 license, self-hosted entirely in your own AWS account - no vendor lock-in.
WHAT THIS AMI ADDS
Security hardening:
- Random administrator password generated at first launch - no default neo4j/neo4j credential
- Native TLS on the Bolt protocol (port 7687, encryption required) and the Neo4j Browser over HTTPS (port 7473), with a self-signed certificate generated at first launch (replaceable with your own CA certificate)
- Plain HTTP (7474) bound to localhost and blocked by the firewall - only HTTPS 7473 and Bolt 7687 are exposed
- JVM heap and page cache sized to the instance RAM at first launch
- Neo4j Browser usage telemetry disabled
- UFW firewall - only ports 7473, 7687 and SSH on 22 are open
- fail2ban, AppArmor
- CVE scan - every image is scanned for vulnerabilities before release
OS hardening (CIS Level 1):
- CIS Ubuntu 24.04 LTS Level 1 benchmark applied via ansible-lockdown
- auditd, SSH hardening, Kernel hardening, IMDSv2 enforced
Compliance artifacts:
- SBOM - CycloneDX 1.6 at /etc/lynxroute/sbom.json
- CIS Conformance Report at /etc/lynxroute/cis-report.html
- CIS Tailored Profile at /usr/share/doc/lynxroute/CIS_TAILORED_PROFILE.md
Highlights
- Neo4j security baked in: random admin password at first launch, native TLS on Bolt 7687 (encryption required) and the HTTPS Browser on 7473 with a self-signed certificate, plain HTTP firewalled to localhost - unlike bare Neo4j AMIs that keep the default neo4j/neo4j password, expose unencrypted Bolt and HTTP on every interface, and ship no TLS.
- CIS Level 1 hardened Ubuntu 24.04 LTS: auditd, fail2ban, AppArmor, SSH key-only, IMDSv2 enforced. CVE-scanned before every release. SBOM (CycloneDX) and CIS Conformance Report included.
- Native graph database with the Cypher query language, the binary Bolt protocol, and the built-in Neo4j Browser for querying and visualizing connected data. GPL-3.0 license - fully auditable, no vendor lock-in.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 5 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
t3.medium Recommended | $0.02 |
t3.large | $0.03 |
t3.small | $0.02 |
m6i.xlarge | $0.05 |
m6i.large | $0.03 |
Vendor refund policy
We do not offer refunds for this product. AWS infrastructure charges (EC2, EBS, data transfer) are billed separately by AWS and are not refundable by us.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Neo4j Community Edition 2026.05.0 - Initial release (June 2026)
- Neo4j Community Edition 2026.05.0 on Ubuntu 24.04 LTS (OpenJDK 21)
- CIS Level 1 hardening applied (ansible-lockdown/UBUNTU24-CIS)
- CVE-scanned before every release
- Random admin password set at first launch - no default neo4j/neo4j credential
- Native TLS: Bolt on port 7687 (encryption required) and the Neo4j Browser over HTTPS on 7473 with a self-signed certificate (replaceable)
- Plain HTTP 7474 bound to localhost and firewalled; JVM heap and page cache sized to the instance at first launch
- Neo4j Browser at /browser/; Browser usage telemetry disabled
- UFW firewall pre-configured (ports 7473, 7687 and SSH 22 only)
- fail2ban, auditd, AppArmor pre-configured
- SBOM (CycloneDX 1.6) at /etc/lynxroute/sbom.json
- CIS Conformance Report (OpenSCAP) at /etc/lynxroute/cis-report.html
- IMDSv2 enforced
Additional details
Usage instructions
- Launch instance (t3.medium recommended)
- Open Security Group - allow TCP 7473 and TCP 7687 (and TCP 22 for SSH) from your IP
- SSH: ssh -i key.pem ubuntu@<PUBLIC_IP>
- Read credentials: sudo cat /root/neo4j-credentials.txt
- Open https://<PUBLIC_IP>:7473/browser/ in your browser - accept the self-signed certificate warning - to reach the Neo4j Browser
- In the Connect dialog set the connection URL to neo4j+ssc://<PUBLIC_IP>:7687, then log in with user neo4j and the password from the credentials file
- Or use cypher-shell from the instance: cypher-shell -a neo4j+ssc://<PUBLIC_IP>:7687 -u neo4j -p <password> "RETURN 1"
The admin password is generated at first launch and saved to /root/neo4j-credentials.txt. Neo4j serves the Bolt protocol over TLS on port 7687 and the Neo4j Browser over HTTPS on port 7473; plain HTTP on 7474 is bound to localhost and blocked by the firewall. The self-signed certificate uses the neo4j+ssc:// (self-signed) scheme - replace it in /var/lib/neo4j/certificates/shared/ with a CA-signed certificate for production use, then run sudo systemctl restart neo4j.
Resources
Vendor resources
Support
Vendor support
Lynxroute is not affiliated with or endorsed by Neo4j, Inc. - this AMI packages the GPL-3.0 open-source Neo4j Community Edition distribution as a self-hosted EC2 service. "Neo4j" and "Cypher" are trademarks of Neo4j, Inc.
Visit us online: https://lynxroute.com
For Neo4j documentation: https://neo4j.com/docs/ For Neo4j upstream issues: https://github.com/neo4j/neo4j/issues For AWS infrastructure issues:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Fully-managed, always-on graph database as a service for intelligent, context-driven applications using connected data sets. Built on the battle-tested Neo4j graph platform, Aura offers a scalable and reliable service with advanced security, built-in visualization and developer tools.
The most trusted, secure, and globally deployed graph database. At real-world scale, you get no-compromise performance, reliability, and data integrity.
Neo4j Aura is a fully managed, always-on graph database-as-a-service (DBaaS) that helps organizations uncover hidden patterns and relationships across connected data. Built for modern applications and AI, it enables teams to create knowledge graphs, power GraphRAG and agentic AI, and support use cases such as fraud detection, customer 360, product recommendations, and supply chain optimization. With flexible, pay-as-you-go pricing, AuraDB makes it easy to scale graph-powered innovation on AWS.
The most trusted, secure, and globally deployed graph database. At real-world scale, you get no-compromise performance, reliability, and data integrity.
This product has charges associated with it for seller support. This is open source software, which is repackaged by Hanwei. The additional cost is applicable to the extended support of 24-hour response time.This AMI contains CentOS Stream 9 Latest (with Neo4j-4.4) and includes support.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.