Current AMIs boot correctly when deployed, but the user can't login to the instances because they do not fetch SSH public key from the EC2 environment.
The root cause is in an unexpected change made by Amazon to their system. For a few years, the both the system serial number and the system UUID used to start with EC2, so we used this fact for checking if VyOS is running in EC2, since fetching keys from a link-local address when running outside a controlled environment can be a security disaster.
Now only the system serial number starts with EC2, so that check no longer works as expected and returns false negatives.