profile

AWS for the Real World

Run OpenClaw 🦞 on AWS Lightsail for $5/month β›…

Published 2 months agoΒ β€’Β 2 min read
AWS FOR THE REAL WORLD
⏱️
Reading time: 12 minutes
🎯
Main Learning: Run an always-on AI agent on a $5 Lightsail instance with zero open ports, SSM access, and GitHub as a time machine for your agent's brain
πŸ“
🎬

Hey Reader πŸ‘‹πŸ½

the past weeks there is obviously one driving topic: OpenClaw 🦞

We love seeing that a developer from our neighbor country πŸ‡¦πŸ‡Ή built a tool that got so MUCH hype. That is why we needed to try it out as well!

While I (Sandro) added OpenClaw to my local RaspberryPi that powers my home network, Tobi set it up properly with Terraform & Lightsail.

We're not 100% sure what we do with it, but mainly:

β€’ Reviews of our businesses

β€’ Reminder for certain things like invoices, time tracking, gym

Just an improved version of Siri in your pocket via Telegram/Slack/Discord.

In this week's deep-dive we will see how to deploy it on a VM, for just $5/month (or for free for the first 90 days πŸ™‹β€β™‚οΈ)

video preview​

News this week:

This Week in AWS

πŸ€– AI Registry for Agents Spec (ARA)

If you use Strands, you now have a standardized JSON schema for MCPs, configurations, and more. Let's see if it gets adopted.

Read more β†’

🎬 AWS Elemental Inference

This is an actual new managed service. You can hook up a live event like a basketball match, and the service sends you events to EventBridge about highlights and cropping opportunities.

Read more β†’

⚠️ App Runner Deprecation

That's a weird one. Somebody at AWS clicked publish too early. Apparently App Runner will be sunset (look at the GitHub issues…), but then they pulled it off again!

Read more β†’

Here the full deep-dive in text:

The $5 AWS Setup That Replaced My Local OpenClaw

πŸ“š This Week's Deep Dive

The problem with local AI agents

OpenClaw is an open-source personal AI agent. It connects to your tools β€” Slack, Notion, Gmail, AWS β€” and runs tasks on a schedule or on demand.

Running it on your laptop has two problems. First, your laptop sleeps. The agent dies mid-task and has no idea what happened when you come back.

Second, and worse: the agent runs with full access to your machine. SSH keys, browser cookies, local code. If it gets compromised, everything is exposed.

The $5 fix

A dedicated Lightsail instance. The micro_2_0 bundle: 1GB RAM, 1 vCPU, 40GB SSD, 1TB transfer. $5/month flat. No data transfer surprises, no NAT gateway fees. First 90 days free.

Zero open ports with SSM

Lightsail can't attach IAM instance profiles like EC2. Instead, we use SSM hybrid activation. The instance self-registers with Systems Manager on first boot. From that point, you connect via Session Manager. Port 22 stays closed. No SSH keys to manage.

Someone scans your IP? They find nothing.

GitHub as the time machine

The ~/.openclaw directory becomes a Git repo. Every config change, every new skill, every memory update β€” version controlled. Break something? git checkout to when it worked.

A deploy key scoped to a single repository handles auth. Least privilege, applied to an SSH key.

The inception part

OpenClaw runs a cheap model for daily tasks. But when you want to write new skills, you use Claude Code on your local machine. It connects via SSM and deploys skills directly. A more capable AI improving a less capable one.

What it costs

$5/month for Lightsail. GitHub, SSM, IAM β€” all free. The variable is LLM usage.

Start with GPT-5 nano or Gemini 2.5 Flash Lite. Do not use a frontier model for an always-on agent. OpenRouter's Auto mode once picked Opus with extended thinking and burned hundreds of dollars in minutes. Set a billing limit before you connect anything.

Summary

Go ahead, set up your OpenClaw and play around with it.

Yes, it is a lot like using your CLI AI Agent of choice (mine is claude code). But having the ability using a computer, with natural language from your phone, is amazing!

How did you set it up?

See you next week!

Sandro & Tobi ✌🏽

AWS for the Real World

by Tobi & Sandro

We teach AWS for the real world - not for certifications. Join more than 10,500 developers learning how to build real-world applications on AWS.

Read more from AWS for the Real World

AWS FOR THE REAL WORLD ⏱️ Reading time: 6 minutes 🎯 Main Learning: Three levels of AWS observability β€” from raw console.log to a Claude Code agent that queries CloudWatch for you. πŸ“ Blog Post πŸ“‚ Claude Code agent (free gist) 🎬 Watch on YouTube Hey Reader πŸ‘‹πŸ½Quick check β€” when did you last close the CloudWatch console and feel like that was time well spent?Yeah, me too. And I'm done with it. In this week's video, I will show you how to never open the CloudWatch console again. As a good...

4 days agoΒ β€’Β 2 min read
AWS DevOps Agent β€” your AI SRE is now on call

AWS FOR THE REAL WORLD ⏱️ Reading time: 12 minutes 🎯 Main Learning: AWS DevOps Agent investigates incidents autonomously across CloudWatch, CloudTrail, and your code. It surfaces evidence brilliantly β€” but can confidently point at the wrong root cause, so don't apply its fixes blindly. πŸ“ Blog Post Hey Reader πŸ‘‹πŸ½ I was in Portugal for the past week. 10 days of tennis, padel, sun and waves 🎾 Highly recommended place! Our daily lives as software developers really changed since we started using...

6 days agoΒ β€’Β 3 min read

AWS FOR THE REAL WORLD ⏱️ Reading time: 10 minutes 🎯 Main Learning: S3 Files gives POSIX access at S3 prices: 13x cheaper than EFS for large files, but the 60-second write-back delay silently breaks coordination patterns! πŸ“ Blog Post πŸ’» GitHub Repository 🎬 Watch on YouTube Hey Reader πŸ‘‹πŸ½ Sandro is currently traveling through Portugal - work and fun combined! If you happen to be around, reach out. Would be great to meet up! 🀝 This week we're digging into S3 Files: a POSIX file system backed by...

17 days agoΒ β€’Β 3 min read