How to Deploy OpenClaw on AWS EC2

Intermediate1.5-2 hoursUpdated 2025-02-04

AWS EC2 provides scalable cloud infrastructure for OpenClaw. This guide walks you through launching EC2 instances, configuring security groups, attaching EBS volumes for persistent storage, setting up Elastic Load Balancing for high availability, and configuring systemd services for auto-recovery. You'll have a production-ready OpenClaw instance on AWS in under 2 hours.

Why This Is Hard to Do Yourself

These are the common pitfalls that trip people up.

☁️

Instance type selection

Choosing between t3, m5, and c5 families based on vCPU, RAM, and network performance

🔐

Security group configuration

Balancing accessibility with security to prevent unauthorized access

💾

EBS volume management

Selecting the right volume type, size, and encryption settings for performance and cost

🔄

Load balancing complexity

Setting up ALB/NLB with health checks and auto-scaling requires multiple AWS services

Step-by-Step Guide

Step 1

Launch EC2 instance with appropriate sizing

Create a new EC2 instance with sufficient resources for OpenClaw.

aws ec2 run-instances \
  --image-id ami-0c55b159cbfafe1f0 \
  --instance-type t3.medium \
  --key-name your-key-pair \
  --security-group-ids sg-xxxxxxxxx \
  --block-device-mappings DeviceName=/dev/sda1,Ebs={VolumeSize=50,VolumeType=gp3}

# Recommended specs:
# t3.medium: 2 vCPU, 4GB RAM (~$30/mo)
# t3.large: 2 vCPU, 8GB RAM (~$60/mo)
# m5.large: 2 vCPU, 8GB RAM (~$95/mo)

Step 2

Configure security groups for network access

Create firewall rules for SSH, HTTP, and HTTPS access.

aws ec2 authorize-security-group-ingress \
  --group-id sg-xxxxxxxxx \
  --protocol tcp --port 22 --cidr 203.0.113.0/24

aws ec2 authorize-security-group-ingress \
  --group-id sg-xxxxxxxxx \
  --protocol tcp --port 80 --cidr 0.0.0.0/0

aws ec2 authorize-security-group-ingress \
  --group-id sg-xxxxxxxxx \
  --protocol tcp --port 443 --cidr 0.0.0.0/0

Warning: Never expose OpenClaw port 3000 directly to the internet. Use reverse proxy on port 443.

Step 3

Assign Elastic IP for static addressing

Allocate an Elastic IP so instance IP doesn't change on restart.

aws ec2 allocate-address --domain vpc

aws ec2 associate-address \
  --instance-id i-xxxxxxxxx \
  --public-ip 203.0.113.50

Step 4

Connect via SSH and install dependencies

SSH into the instance and install Node.js.

ssh -i your-key.pem ubuntu@203.0.113.50

sudo apt update && sudo apt upgrade -y

curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs git curl

Step 5

Clone, install, and configure OpenClaw

Set up OpenClaw on the EC2 instance.

cd ~
git clone https://github.com/openclaw/openclaw.git
cd openclaw
npm install

cp .env.example .env
nano .env  # Add API keys

cp gateway.example.yaml gateway.yaml
nano gateway.yaml

Step 6

Create systemd service for auto-start

Configure OpenClaw to start automatically and recover on crash.

sudo tee /etc/systemd/system/openclaw.service > /dev/null << EOF
[Unit]
Description=OpenClaw AI Agent
After=network.target

[Service]
Type=simple
User=ubuntu
WorkingDirectory=/home/ubuntu/openclaw
ExecStart=/usr/bin/npm start
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable openclaw
sudo systemctl start openclaw

Step 7

Set up nginx reverse proxy for HTTPS

Install nginx and configure SSL termination.

sudo apt install -y nginx certbot python3-certbot-nginx

sudo tee /etc/nginx/sites-available/openclaw > /dev/null << EOF
server {
  listen 80;
  server_name your-domain.com;
  location / {
    proxy_pass http://localhost:3000;
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
  }
}
EOF

sudo ln -s /etc/nginx/sites-available/openclaw /etc/nginx/sites-enabled/
sudo systemctl reload nginx

sudo certbot --nginx -d your-domain.com

Step 8

Configure CloudWatch monitoring

Set up monitoring for CPU, memory, and disk usage.

aws cloudwatch put-metric-alarm \
  --alarm-name openclaw-cpu-high \
  --alarm-description "Alert when CPU > 80%" \
  --metric-name CPUUtilization \
  --namespace AWS/EC2 \
  --statistic Average \
  --period 300 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold \
  --dimensions Name=InstanceId,Value=i-xxxxxxxxx

AWS Deployment Expertise

We handle EC2 provisioning, security hardening, auto-scaling, load balancing, monitoring, and backups. Get a production-ready deployment with high availability.

Browse Setup & Installation experts →

Learn more about our expert service →

Get matched with a specialist who can help.

Frequently Asked Questions

Related Guides

🚀Setup & Installation

How to Configure OpenClaw Gateway with HTTPS

Intermediate30-60 minutes

🛡️Security & Hardening

OpenClaw Security Checklist for Production

Intermediate1-2 hours