Run OpenClaw 🦞 on AWS Lightsail for $5/month ⛅

AWS FOR THE REAL WORLD

⏱️

Reading time: 12 minutes

🎯

Main Learning: Run an always-on AI agent on a $5 Lightsail instance with zero open ports, SSM access, and GitHub as a time machine for your agent's brain

📝

Blog Post

🎬

Watch on YouTube

Hey Reader 👋🏽

the past weeks there is obviously one driving topic: OpenClaw 🦞

We love seeing that a developer from our neighbor country 🇦🇹 built a tool that got so MUCH hype. That is why we needed to try it out as well!

While I (Sandro) added OpenClaw to my local RaspberryPi that powers my home network, Tobi set it up properly with Terraform & Lightsail.

We're not 100% sure what we do with it, but mainly:

• Reviews of our businesses

• Reminder for certain things like invoices, time tracking, gym

Just an improved version of Siri in your pocket via Telegram/Slack/Discord.

In this week's deep-dive we will see how to deploy it on a VM, for just $5/month (or for free for the first 90 days 🙋‍♂️)

News this week:

This Week in AWS

🤖 AI Registry for Agents Spec (ARA)

If you use Strands, you now have a standardized JSON schema for MCPs, configurations, and more. Let's see if it gets adopted.

🎬 AWS Elemental Inference

This is an actual new managed service. You can hook up a live event like a basketball match, and the service sends you events to EventBridge about highlights and cropping opportunities.

⚠️ App Runner Deprecation

That's a weird one. Somebody at AWS clicked publish too early. Apparently App Runner will be sunset (look at the GitHub issues…), but then they pulled it off again!

Here the full deep-dive in text:

The $5 AWS Setup That Replaced My Local OpenClaw

📚 This Week's Deep Dive

The problem with local AI agents

OpenClaw is an open-source personal AI agent. It connects to your tools — Slack, Notion, Gmail, AWS — and runs tasks on a schedule or on demand.

Running it on your laptop has two problems. First, your laptop sleeps. The agent dies mid-task and has no idea what happened when you come back.

Second, and worse: the agent runs with full access to your machine. SSH keys, browser cookies, local code. If it gets compromised, everything is exposed.

The $5 fix

A dedicated Lightsail instance. The micro_2_0 bundle: 1GB RAM, 1 vCPU, 40GB SSD, 1TB transfer. $5/month flat. No data transfer surprises, no NAT gateway fees. First 90 days free.

Zero open ports with SSM

Lightsail can't attach IAM instance profiles like EC2. Instead, we use SSM hybrid activation. The instance self-registers with Systems Manager on first boot. From that point, you connect via Session Manager. Port 22 stays closed. No SSH keys to manage.

Someone scans your IP? They find nothing.

GitHub as the time machine

The ~/.openclaw directory becomes a Git repo. Every config change, every new skill, every memory update — version controlled. Break something? git checkout to when it worked.

A deploy key scoped to a single repository handles auth. Least privilege, applied to an SSH key.

The inception part

OpenClaw runs a cheap model for daily tasks. But when you want to write new skills, you use Claude Code on your local machine. It connects via SSM and deploys skills directly. A more capable AI improving a less capable one.

What it costs

$5/month for Lightsail. GitHub, SSM, IAM — all free. The variable is LLM usage.

Start with GPT-5 nano or Gemini 2.5 Flash Lite. Do not use a frontier model for an always-on agent. OpenRouter's Auto mode once picked Opus with extended thinking and burned hundreds of dollars in minutes. Set a billing limit before you connect anything.

🚀 Read the Full Tutorial →

Summary

Go ahead, set up your OpenClaw and play around with it.

Yes, it is a lot like using your CLI AI Agent of choice (mine is claude code). But having the ability using a computer, with natural language from your phone, is amazing!

How did you set it up?

See you next week!

Sandro & Tobi ✌🏽

AWS for the Real World