Tags: ssl, amazon-ec2, https, nlb

AWS NLB SSL termination - Why do requests always forward to port 443 on my ec2 instance?


I am setting up a relatively simple microservice API application using AWS and Spring Boot. My configuration is:

  1. Route 53 managed domain
  2. Amazon Credentials Manager-managed SSL certs
  3. A Network load balancer with one TLS:443 listener, with the SSL cert mentioned above selected and one default routing rule forwarding to one target group
  4. The target group has one registered target, an EC2 instance, and is configured for TCP:8080. The health check for this resource is working, the resource shows as healthy in the AWS dashboard for the target group.
  5. The EC2 instance has a security inbound rule configured to allow TCP:8080 traffic from anywhere
  6. The EC2 instance is running an instance of my Spring Boot Application listening on port 8080

My expectation is that an incoming HTTP GET request to https://mydomain.com/health will hit my NLB, and the TLS:443 listener will decrypt it and forward it to my EC2 instance on the configured port (8080). My EC2 instance should thus not be set up for HTTPS (no cert), since it receives decrypted traffic.

The actual result is that all requests to mydomain.com seem to hit my EC2 instance at port 443, regardless of the above configuration. They are "getting through" to the instance since I get [machine IP]:443 ECONNREFUSED errors. Am I wrong to expect the traffic on port 8080? Do I have something misconfigured? Any guidance on what I might be missing would be greatly appreciated!


Solution

  • Sigh.... the curse of finding the solution moments after writing a post about it.

    My issue arose from a bad A record in Route 53 that was forwarding directly to the EC2 instance instead of the load balancer. I deleted the bad record and created a new record that points to my NLB via quick create. Sure enough, now everything works.
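The working configuration from the question, plus the corrected DNS record from the answer, as an added Terraform example (this is not the poster's code, and the poster used the console rather than Terraform). The broken A record is shown commented out next to the alias record that replaces it, which is the whole difference between "clients hit the instance on 443" and "clients hit the NLB on 443, the instance gets plaintext on 8080". The variables `var.vpc_id`, `var.public_subnet_ids`, `var.nlb_subnet_cidrs`, `var.zone_id`, `var.acm_certificate_arn`, the resource names, the `aws_instance.app` and `aws_security_group.app` references, and the domain `mydomain.com` are all assumptions for illustration.

```terraform
# Added example: TLS termination on an NLB, plaintext TCP:8080 to the instance.

resource "aws_lb" "api" {
  name               = "api-nlb"
  load_balancer_type = "network"
  subnets            = var.public_subnet_ids # assumed variable
}

resource "aws_lb_target_group" "app" {
  name        = "api-app-8080"
  port        = 8080
  protocol    = "TCP"
  vpc_id      = var.vpc_id # assumed variable
  target_type = "instance"

  # Design choice (not from the original post): with client IP preservation off,
  # the instance sees the NLB's private addresses as the source, so its security
  # group can allow 8080 only from the NLB subnets instead of from 0.0.0.0/0.
  # Leave it on (the default for instance targets) if the app needs the real
  # client IP, but then the 8080 rule must admit the clients' addresses.
  preserve_client_ip = false

  health_check {
    protocol = "HTTP"
    path     = "/health"
    port     = "8080"
  }
}

resource "aws_lb_target_group_attachment" "app" {
  target_group_arn = aws_lb_target_group.app.arn
  target_id        = aws_instance.app.id # assumed resource
  port             = 8080
}

# One TLS:443 listener with the ACM certificate; decrypted traffic is forwarded
# to the TCP:8080 target group.
resource "aws_lb_listener" "tls" {
  load_balancer_arn = aws_lb.api.arn
  port              = 443
  protocol          = "TLS"
  certificate_arn   = var.acm_certificate_arn # assumed variable
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# The misconfiguration from the question: a plain A record carrying the instance's
# public IP. Clients resolve it, open TLS to the instance on 443, and get
# ECONNREFUSED because nothing on the instance listens there. The NLB never sees
# the request, so listener and target-group settings cannot matter.
#
# resource "aws_route53_record" "api_broken" {
#   zone_id = var.zone_id
#   name    = "mydomain.com"
#   type    = "A"
#   ttl     = 300
#   records = [aws_instance.app.public_ip]
# }

# The fix: an alias A record that points at the NLB's DNS name and hosted zone.
resource "aws_route53_record" "api" {
  zone_id = var.zone_id # assumed variable
  name    = "mydomain.com"
  type    = "A"

  alias {
    name                   = aws_lb.api.dns_name
    zone_id                = aws_lb.api.zone_id
    evaluate_target_health = true
  }
}

# Instance security group: 8080 only, and only from the NLB subnets (valid
# because preserve_client_ip = false above). No 443 rule is needed on the
# instance, since TLS ends at the load balancer.
resource "aws_security_group_rule" "app_from_nlb" {
  type              = "ingress"
  from_port         = 8080
  to_port           = 8080
  protocol          = "tcp"
  cidr_blocks       = var.nlb_subnet_cidrs # assumed variable
  security_group_id = aws_security_group.app.id # assumed resource
}
```

A quick way to confirm which side of the commented-out/active pair a live zone is on: `dig +short mydomain.com` should return the same addresses as `dig +short <nlb-dns-name>`; if it instead returns the instance's public IP, the record is the broken one. Note that the instance-side traffic on 8080 is plaintext inside the VPC; that is the trade-off of terminating TLS at the NLB, and it is why the 8080 rule should be scoped as tightly as the client IP preservation setting allows.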