profile

AWS for the Real World

Run OpenClaw 🦞 on AWS Lightsail for $5/month β›…

Published about 11 hours agoΒ β€’Β 2 min read
AWS FOR THE REAL WORLD
⏱️
Reading time: 12 minutes
🎯
Main Learning: Run an always-on AI agent on a $5 Lightsail instance with zero open ports, SSM access, and GitHub as a time machine for your agent's brain
πŸ“
🎬

Hey Reader πŸ‘‹πŸ½

the past weeks there is obviously one driving topic: OpenClaw 🦞

We love seeing that a developer from our neighbor country πŸ‡¦πŸ‡Ή built a tool that got so MUCH hype. That is why we needed to try it out as well!

While I (Sandro) added OpenClaw to my local RaspberryPi that powers my home network, Tobi set it up properly with Terraform & Lightsail.

We're not 100% sure what we do with it, but mainly:

β€’ Reviews of our businesses

β€’ Reminder for certain things like invoices, time tracking, gym

Just an improved version of Siri in your pocket via Telegram/Slack/Discord.

In this week's deep-dive we will see how to deploy it on a VM, for just $5/month (or for free for the first 90 days πŸ™‹β€β™‚οΈ)

video preview​

News this week:

This Week in AWS

πŸ€– AI Registry for Agents Spec (ARA)

If you use Strands, you now have a standardized JSON schema for MCPs, configurations, and more. Let's see if it gets adopted.

Read more β†’

🎬 AWS Elemental Inference

This is an actual new managed service. You can hook up a live event like a basketball match, and the service sends you events to EventBridge about highlights and cropping opportunities.

Read more β†’

⚠️ App Runner Deprecation

That's a weird one. Somebody at AWS clicked publish too early. Apparently App Runner will be sunset (look at the GitHub issues…), but then they pulled it off again!

Read more β†’

Here the full deep-dive in text:

The $5 AWS Setup That Replaced My Local OpenClaw

πŸ“š This Week's Deep Dive

The problem with local AI agents

OpenClaw is an open-source personal AI agent. It connects to your tools β€” Slack, Notion, Gmail, AWS β€” and runs tasks on a schedule or on demand.

Running it on your laptop has two problems. First, your laptop sleeps. The agent dies mid-task and has no idea what happened when you come back.

Second, and worse: the agent runs with full access to your machine. SSH keys, browser cookies, local code. If it gets compromised, everything is exposed.

The $5 fix

A dedicated Lightsail instance. The micro_2_0 bundle: 1GB RAM, 1 vCPU, 40GB SSD, 1TB transfer. $5/month flat. No data transfer surprises, no NAT gateway fees. First 90 days free.

Zero open ports with SSM

Lightsail can't attach IAM instance profiles like EC2. Instead, we use SSM hybrid activation. The instance self-registers with Systems Manager on first boot. From that point, you connect via Session Manager. Port 22 stays closed. No SSH keys to manage.

Someone scans your IP? They find nothing.

GitHub as the time machine

The ~/.openclaw directory becomes a Git repo. Every config change, every new skill, every memory update β€” version controlled. Break something? git checkout to when it worked.

A deploy key scoped to a single repository handles auth. Least privilege, applied to an SSH key.

The inception part

OpenClaw runs a cheap model for daily tasks. But when you want to write new skills, you use Claude Code on your local machine. It connects via SSM and deploys skills directly. A more capable AI improving a less capable one.

What it costs

$5/month for Lightsail. GitHub, SSM, IAM β€” all free. The variable is LLM usage.

Start with GPT-5 nano or Gemini 2.5 Flash Lite. Do not use a frontier model for an always-on agent. OpenRouter's Auto mode once picked Opus with extended thinking and burned hundreds of dollars in minutes. Set a billing limit before you connect anything.

Summary

Go ahead, set up your OpenClaw and play around with it.

Yes, it is a lot like using your CLI AI Agent of choice (mine is claude code). But having the ability using a computer, with natural language from your phone, is amazing!

How did you set it up?

See you next week!

Sandro & Tobi ✌🏽

AWS for the Real World

by Tobi & Sandro

We teach AWS for the real world - not for certifications. Join more than 10,500 developers learning how to build real-world applications on AWS.

Read more from AWS for the Real World

AWS FOR THE REAL WORLD ⏱️ Reading time: 8 minutes 🎯 Main Learning: How to securely connect Claude Code to a private RDS database using MCP, SSM tunnels, and VPC endpoints πŸ“ Blog Post πŸ’» GitHub Repository 🎬 Watch on YouTube Hey Reader πŸ‘‹πŸ½ AI coding assistants are great. If you give them the right context. Your database schema is one of the most valuable pieces of context you can provide. But there's a problem: your RDS is in a private subnet. As it should be. So how do you connect Claude Code to...

15 days agoΒ β€’Β 2 min read

AWS FOR THE REAL WORLD ⏱️ Reading time: 8 minutes 🎯 Main Learning: How to pause Step Function workflows for human approval using the callback pattern πŸ“ Blog Post πŸ’» GitHub Repository 🎬 Watch on YouTube Hey Reader πŸ‘‹πŸ½ I've used this pattern in almost every project I've built. Whenever you need a human in the loop - approvals, reviews, manual checks - and you still want to see what's happening, Step Functions are perfect. Lambda is my go-to for almost everything. APIs S3 triggers event consumers...

28 days agoΒ β€’Β 2 min read

AWS FOR THE REAL WORLD ⏱️ Reading time: 5 minutes 🎯 Main Learning: How to make Claude write production-ready Terraform instead of technical debt 🎬 Watch on YouTube πŸ“ Blog Post πŸ’» GitHub Repository Hey Reader πŸ‘‹πŸ½ We've been heads-down the past weeks. Preparing the live AMA workshops from Black Friday (sorry for the delay!) and recording new YouTube videos. It's been a lot of fun. Speaking of videos - this week Tobi recorded one you'll want to watch. Here's the problem: LLMs want to close the...

about 1 month agoΒ β€’Β 1 min read