OpenClaw AWS Deploy
v1.0.0
Deploy OpenClaw securely on AWS with a single command. Creates VPC, EC2 (ARM64), Telegram channel, and configurable AI model (Bedrock, Gemini, or any provider) — SSM-only access, no SSH. Use when setting up OpenClaw on AWS, deploying a new agent instance to EC2, or tearing down an existing AWS deployment.
OpenClaw AWS Deploy Skill
Quick Start (Minimal Deployment ~$30/mo)
Prerequisites
AWS credentials — any of these methods:
--profile flag (named AWS CLI profile)
.env.aws file in workspace root or skill directory (optional):
AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...
AWS_DEFAULT_REGION=us-east-1
Existing environment variables, AWS SSO session, or IAM role
.env.starfish in workspace root (recommended) or skill directory:
TELEGRAM_BOT_TOKEN=... # from @BotFather (required)
TELEGRAM_USER_ID=... # your Telegram user ID (optional, enables auto-approve pairing)
GEMINI_API_KEY=... # from aistudio.google.com (optional, for Gemini models)
aws CLI installed OR Docker for sandboxed access
jq, openssl available
One-Shot Deploy
# From the skill directory:
./scripts/deploy_minimal.sh --name starfish --region us-east-1 \
  --env-dir /path/to/workspace
# Or with cleanup of previous deployment first:
./scripts/deploy_minimal.sh --name starfish --region us-east-1 \
  --env-dir /path/to/workspace --cleanup-first
This single command:
Creates VPC + subnet + IGW + route table
Creates security group (NO inbound ports — SSM only)
Creates IAM role with minimal permissions (SSM + Parameter Store + Bedrock)
Stores secrets in SSM Parameter Store (fetched at each service start — rewritten on each start, never stored in repo or static images)
Launches t4g.medium ARM64 instance with user-data bootstrap
User-data installs Node.js 22 + OpenClaw + configures everything
Runs smoke test via SSM
Saves all resource IDs to deploy-output.json
After Deploy
Message the Telegram bot — you'll get a pairing code
Approve pairing via SSM:
aws ssm start-session --target <instance-id> --region us-east-1
sudo -u openclaw bash
export HOME=/home/openclaw
openclaw pairing approve telegram <pairing-code>
Bot is live! ✅
Teardown
# Using saved output:
./scripts/teardown.sh --from-output ./deploy-output.json --env-dir /path/to/workspace --yes
# Or by name (discovers via tags):
./scripts/teardown.sh --name starfish --region us-east-1 --env-dir /path/to/workspace --yes
Model Support
--model flag
Pass any model string — it goes directly into openclaw.json as model.primary:
# Default (MiniMax M2.1 on Bedrock — no API key needed, uses IAM role)
./scripts/deploy_minimal.sh --name starfish --region us-east-1
# Gemini Flash (needs GEMINI_API_KEY in .env.starfish)
./scripts/deploy_minimal.sh --name starfish --region us-east-1 \
  --model google/gemini-2.0-flash
AWS Bedrock
Bedrock IAM permissions (bedrock:InvokeModel, bedrock:InvokeModelWithResponseStream) are always added to the instance role — regardless of which model you choose. This means any deployed instance can use Bedrock models out of the box via IAM role credentials (no API key needed).
Known Bedrock model IDs:
Model flag                              Description
amazon-bedrock/minimax.minimax-m2.1     MiniMax M2.1
amazon-bedrock/minimax.minimax-m2       MiniMax M2
amazon-bedrock/deepseek.deepseek-r1     DeepSeek R1
amazon-bedrock/moonshotai.kimi-k2.5     Kimi K2.5
Note: Bedrock models must be enabled in your AWS account via the Bedrock console before use.
Gemini
If GEMINI_API_KEY is present in .env.starfish, it's stored in SSM and written to auth-profiles.json. If absent, it's simply skipped — no error.
.env.starfish
TELEGRAM_BOT_TOKEN=... # Required — from @BotFather
GEMINI_API_KEY=... # Optional — from aistudio.google.com (needed for Gemini models)
Architecture (Minimal)
┌─────────────────────────────────────────────────────┐
│  VPC (10.50.0.0/16)                                 │
│  ┌───────────────────────────────────────────────┐  │
│  │  Public Subnet (10.50.0.0/24)                 │  │
│  │  ┌─────────────────────────────────────────┐  │  │
│  │  │  EC2 t4g.medium (ARM64, 4GB)            │  │  │
│  │  │  ┌───────────────────────────────────┐  │  │  │
│  │  │  │  OpenClaw Gateway                 │  │  │  │
│  │  │  │  • Node.js 22.14.0                │  │  │  │
│  │  │  │  • Any model (Bedrock/Gemini/etc) │  │  │  │
│  │  │  │  • Telegram channel               │  │  │  │
│  │  │  │  • Encrypted EBS (gp3, 20GB)      │  │  │  │
│  │  │  └───────────────────────────────────┘  │  │  │
│  │  └─────────────────────────────────────────┘  │  │
│  └───────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────┘
         ↑                              ↓
  SSM (no SSH/inbound)         Outbound HTTPS only
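A post-deploy check of the properties this architecture promises (no inbound rules, outbound HTTPS only, encrypted EBS), added here as an example and not part of the skill's own scripts. It assumes JSON saved from aws ec2 describe-security-groups and aws ec2 describe-volumes; the sample documents and resource IDs below are constructed.

```python
import json

# Constructed sample of `aws ec2 describe-security-groups` output (placeholder IDs).
SG_JSON = """
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-ok", "IpPermissions": [],
   "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-EXAMPLE-bad",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
   "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
"""
# Constructed sample of `aws ec2 describe-volumes` output (placeholder IDs).
VOL_JSON = """
{"Volumes": [{"VolumeId": "vol-EXAMPLE-1", "Encrypted": true, "VolumeType": "gp3"},
             {"VolumeId": "vol-EXAMPLE-2", "Encrypted": false, "VolumeType": "gp3"}]}
"""

def describe_rule(rule):
    """Render one IpPermission as 'proto/from-to'; protocol -1 means all traffic."""
    if rule.get("IpProtocol") == "-1":
        return "all traffic"
    return f"{rule['IpProtocol']}/{rule.get('FromPort')}-{rule.get('ToPort')}"

def audit_security_groups(doc):
    """Flag every inbound rule and every egress rule that is not exactly TCP 443."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            findings.append(f"{gid}: inbound {describe_rule(rule)} (expected none)")
        for rule in sg.get("IpPermissionsEgress", []):
            https_only = (rule.get("IpProtocol") == "tcp"
                          and rule.get("FromPort") == 443 and rule.get("ToPort") == 443)
            if not https_only:
                findings.append(f"{gid}: egress {describe_rule(rule)} (expected tcp/443 only)")
    return findings

def audit_volumes(doc):
    """Flag EBS volumes that are not encrypted at rest."""
    return [f"{v['VolumeId']}: EBS volume not encrypted"
            for v in doc.get("Volumes", []) if not v.get("Encrypted", False)]

def audit(sg_json, vol_json):
    return audit_security_groups(json.loads(sg_json)) + audit_volumes(json.loads(vol_json))

if __name__ == "__main__":
    for finding in audit(SG_JSON, VOL_JSON):
        print("FAIL", finding)
```

An empty findings list means the deployed security group and volumes match the diagram; anything else names the resource and the rule that drifted.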
Critical Lessons Learned (22 Issues)
These are baked into the deploy script. See references/TROUBLESHOOTING.md for full details.
Instance Sizing
t4g.medium (4GB) required — t4g.small (2GB) OOMs during npm install + gateway startup
ARM64 — better price/performance than x86
Node.js
Node 22+ required — OpenClaw 2026.x requires Node ≥22.12.0
Official tarball install — NodeSource setup_22.x unreliable on AL2023 ARM64
git required — openclaw npm install has git-based dependencies
npm
Use openclaw@latest — bare openclaw may resolve to placeholder package (0.0.1)
Gat