profile

AWS for the Real World

Run OpenClaw 🦞 on AWS Lightsail for $5/month β›…

Published 21 days agoΒ β€’Β 2 min read
AWS FOR THE REAL WORLD
⏱️
Reading time: 12 minutes
🎯
Main Learning: Run an always-on AI agent on a $5 Lightsail instance with zero open ports, SSM access, and GitHub as a time machine for your agent's brain
πŸ“
🎬

Hey Reader πŸ‘‹πŸ½

the past weeks there is obviously one driving topic: OpenClaw 🦞

We love seeing that a developer from our neighbor country πŸ‡¦πŸ‡Ή built a tool that got so MUCH hype. That is why we needed to try it out as well!

While I (Sandro) added OpenClaw to my local RaspberryPi that powers my home network, Tobi set it up properly with Terraform & Lightsail.

We're not 100% sure what we do with it, but mainly:

β€’ Reviews of our businesses

β€’ Reminder for certain things like invoices, time tracking, gym

Just an improved version of Siri in your pocket via Telegram/Slack/Discord.

In this week's deep-dive we will see how to deploy it on a VM, for just $5/month (or for free for the first 90 days πŸ™‹β€β™‚οΈ)

video preview​

News this week:

This Week in AWS

πŸ€– AI Registry for Agents Spec (ARA)

If you use Strands, you now have a standardized JSON schema for MCPs, configurations, and more. Let's see if it gets adopted.

Read more β†’

🎬 AWS Elemental Inference

This is an actual new managed service. You can hook up a live event like a basketball match, and the service sends you events to EventBridge about highlights and cropping opportunities.

Read more β†’

⚠️ App Runner Deprecation

That's a weird one. Somebody at AWS clicked publish too early. Apparently App Runner will be sunset (look at the GitHub issues…), but then they pulled it off again!

Read more β†’

Here the full deep-dive in text:

The $5 AWS Setup That Replaced My Local OpenClaw

πŸ“š This Week's Deep Dive

The problem with local AI agents

OpenClaw is an open-source personal AI agent. It connects to your tools β€” Slack, Notion, Gmail, AWS β€” and runs tasks on a schedule or on demand.

Running it on your laptop has two problems. First, your laptop sleeps. The agent dies mid-task and has no idea what happened when you come back.

Second, and worse: the agent runs with full access to your machine. SSH keys, browser cookies, local code. If it gets compromised, everything is exposed.

The $5 fix

A dedicated Lightsail instance. The micro_2_0 bundle: 1GB RAM, 1 vCPU, 40GB SSD, 1TB transfer. $5/month flat. No data transfer surprises, no NAT gateway fees. First 90 days free.

Zero open ports with SSM

Lightsail can't attach IAM instance profiles like EC2. Instead, we use SSM hybrid activation. The instance self-registers with Systems Manager on first boot. From that point, you connect via Session Manager. Port 22 stays closed. No SSH keys to manage.

Someone scans your IP? They find nothing.

GitHub as the time machine

The ~/.openclaw directory becomes a Git repo. Every config change, every new skill, every memory update β€” version controlled. Break something? git checkout to when it worked.

A deploy key scoped to a single repository handles auth. Least privilege, applied to an SSH key.

The inception part

OpenClaw runs a cheap model for daily tasks. But when you want to write new skills, you use Claude Code on your local machine. It connects via SSM and deploys skills directly. A more capable AI improving a less capable one.

What it costs

$5/month for Lightsail. GitHub, SSM, IAM β€” all free. The variable is LLM usage.

Start with GPT-5 nano or Gemini 2.5 Flash Lite. Do not use a frontier model for an always-on agent. OpenRouter's Auto mode once picked Opus with extended thinking and burned hundreds of dollars in minutes. Set a billing limit before you connect anything.

Summary

Go ahead, set up your OpenClaw and play around with it.

Yes, it is a lot like using your CLI AI Agent of choice (mine is claude code). But having the ability using a computer, with natural language from your phone, is amazing!

How did you set it up?

See you next week!

Sandro & Tobi ✌🏽

AWS for the Real World

by Tobi & Sandro

We teach AWS for the real world - not for certifications. Join more than 10,500 developers learning how to build real-world applications on AWS.

Read more from AWS for the Real World

AWS FOR THE REAL WORLD ⏱️ Reading time: 12 minutes 🎯 Main Learning: The 11 most impactful AWS releases from the past 12 months that have nothing to do with AI. πŸ“ Blog Post Hey Reader πŸ‘‹ Every re:Invent recap, every AWS blog, every newsletter from the past year has been dominated by one topic. You know which one. But while everyone was writing about agents and foundation models, the core infrastructure layer kept moving. Quiet releases. No keynote fanfare. Things that actually affect your...

7 days agoΒ β€’Β 2 min read

AWS FOR THE REAL WORLD ⏱️ Reading time: 5 minutes 🎯 Main Learning: Deploy AWS's open-source TEAM solution for temporary admin access with approval workflows 🎬 Watch on YouTube Hey Reader πŸ‘‹πŸ½ I hope you had a great weekend and have a great week ahead. One thing I see over and over again in AWS setups: admin permissions are either handed out way too easily or way too hard. There is no middle ground. In other systems this was already solved. You shouldn’t have to DM somebody for admin access. We...

14 days agoΒ β€’Β 3 min read

AWS FOR THE REAL WORLD ⏱️ Reading time: 8 minutes 🎯 Main Learning: How to securely connect Claude Code to a private RDS database using MCP, SSM tunnels, and VPC endpoints πŸ“ Blog Post πŸ’» GitHub Repository 🎬 Watch on YouTube Hey Reader πŸ‘‹πŸ½ AI coding assistants are great. If you give them the right context. Your database schema is one of the most valuable pieces of context you can provide. But there's a problem: your RDS is in a private subnet. As it should be. So how do you connect Claude Code to...

about 1 month agoΒ β€’Β 2 min read