Prerequisites

Get your Telegram User ID

  1. Open Telegram
  2. Search for: @userinfobot
  3. Press Start
  4. The bot will instantly send you your numeric ID, e.g.: 123456789
  5. Save this ID — TELEGRAM_USER_ID

Create a Telegram bot

  1. In Telegram, find: @BotFather
  2. Create a new bot and save the token you receive — TELEGRAM_BOT_TOKEN
  3. Disable Privacy Mode (this is required so the bot can see all messages, otherwise it will ignore them):
    • Send BotFather: /mybots
    • Select your bot
    • Bot Settings → Group Privacy → Turn off
  4. Set up commands (optional, but handy):
    • /mybots → select the bot → Edit Commands
    • Paste:
help - Show available commands
status - Check bot status
clear - Clear conversation context
pair - Device pairing code

Anthropic API key

  1. Go to console.anthropic.com
  2. Sign up or log in
  3. Navigate to Settings > API Keys
  4. Click Create Key — ANTHROPIC_API_KEY

Launching the Instance

Clone the configuration repository

git clone https://github.com/Driim/OpenClaw-AWS-Installation

The repository contains these configuration files:

  • user-data.sh — a script that runs on the first EC2 instance boot. Installs Node.js and Docker.
  • ec2-trust-policy.json — an IAM trust policy that allows the EC2 instance to assume a role for accessing AWS resources.

Create a Security Group

We’ll create a Security Group with only SSH (port 22) open, restricted to your current IP. This protects the instance in case of misconfiguration. We’ll look up our IP, get the VPC ID of the default VPC (present in every account), then create the Security Group and the SSH ingress rule.

MY_IP=$(curl -s https://checkip.amazonaws.com)
DEFAULT_VPC_ID=$(aws ec2 describe-vpcs --filters "Name=is-default,Values=true" --query 'Vpcs[0].VpcId' --output text)
SG_ID=$(aws ec2 create-security-group --group-name "openclaw-security-group" --description "Allows only SSH incoming connection" --vpc-id $DEFAULT_VPC_ID --query 'GroupId' --output text)
aws ec2 authorize-security-group-ingress --group-id $SG_ID --protocol tcp --port 22 --cidr $MY_IP/32

Create an Instance Profile

Create an IAM Role:

aws iam create-role \
  --role-name OpenClawEC2Role \
  --assume-role-policy-document file://ec2-trust-policy.json \
  --description "Role for OpenClaw EC2 instances"

Later you can attach policies to this role to grant the instance additional permissions.

Create an Instance Profile:

aws iam create-instance-profile \
  --instance-profile-name OpenClawEC2Profile

And add the role to the Instance Profile:

aws iam add-role-to-instance-profile \
  --instance-profile-name OpenClawEC2Profile \
  --role-name OpenClawEC2Role

Launch the Instance

First, add an SSH key pair in the AWS console. Save the key name as KEY_NAME.

We already have DEFAULT_VPC_ID. Now get a subnet ID:

SUBNET_ID=$(aws ec2 describe-subnets \
  --filters "Name=vpc-id,Values=$DEFAULT_VPC_ID" \
  --query 'Subnets[0].SubnetId' \
  --output text)

Launch the instance:

aws ec2 run-instances \
  --image-id ami-0c33fcb753a7176f6 \
  --instance-type t3.small \
  --key-name $KEY_NAME \
  --iam-instance-profile Name=OpenClawEC2Profile \
  --security-group-ids $SG_ID \
  --subnet-id $SUBNET_ID \
  --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs":{"VolumeSize":20,"VolumeType":"gp3"}}]' \
  --user-data file://user-data.sh \
  --associate-public-ip-address \
  --query 'Instances[0].InstanceId' \
  --output text

Wait for the instance to be running:

aws ec2 wait instance-running --instance-ids instance_id_received_on_prev_step

Then get the public IP:

PUBLIC_IP=$(aws ec2 describe-instances \
  --instance-ids $INSTANCE_ID \
  --query 'Reservations[0].Instances[0].PublicIpAddress' \
  --output text)

Wait for user-data.sh to Complete

Connect to the server:

ssh ubuntu@$PUBLIC_IP

Wait until the status shows done:

sudo cloud-init status

# You can check logs:
sudo cat /var/log/cloud-init-output.log

Install OpenClaw

curl -fsSL https://openclaw.ai/install.sh | bash

After installation, the onboarding will start — but that’s a story for another article.