Problem: OpenClaw Stops When Your Computer Sleeps
You installed OpenClaw locally, but it only works when your laptop is on. You need your AI assistant responding to WhatsApp messages at 3am or running scheduled tasks while you're away.
You'll learn:
- Why AWS EC2 beats running OpenClaw on your laptop
- How to set up a secure, always-on instance
- Security configurations that prevent exposed gateways
Time: 25 min | Level: Intermediate
Why Run OpenClaw on AWS
OpenClaw is a self-hosted AI assistant that executes real tasks - managing calendars, browsing the web, creating files, running Terminal commands. It connects to WhatsApp, Telegram, Discord, and Slack.
Why cloud over local:
- 24/7 availability: Responds even when your computer is off
- Isolated environment: AI can't access your personal files
- Static IP: Reliable webhook endpoints for integrations
- No sleep issues: Runs continuously without laptop power management
Common symptoms of local deployment:
- Messages go unanswered when laptop sleeps
- Scheduled tasks skip when computer is off
- Webhooks fail during downtime
Solution
Step 1: Launch EC2 Instance
Log in to the AWS Console and navigate to EC2.
# These specs are tested to work
Instance type: t3.medium (4 GB RAM minimum)
OS: Ubuntu 24.04 LTS
Storage: 20 GB gp3
Why t3.medium: OpenClaw installation requires 4+ GB RAM. t3.micro (1 GB) fails during setup. t3.medium is $30/month but handles concurrent tasks smoothly.
Click "Launch Instance" and configure:
- Name: openclaw-production
- AMI: Ubuntu Server 24.04 LTS
- Instance type: t3.medium
- Key pair: Create new or select existing
- Network settings: Create security group with:
  - SSH (port 22) - Your IP only
  - Custom TCP (port 18789) - Your IP only (for Control UI)
Expected: Instance launches in 2-3 minutes with "Running" status.
If it fails:
- Error: "Limit exceeded": Your AWS account has instance limits. Request increase in Service Quotas.
- Can't connect: Verify security group allows your IP on port 22.
Step 2: Connect and Install Prerequisites
# Get your instance public IP from AWS Console
ssh -i your-key.pem ubuntu@YOUR_EC2_IP
Once connected, update and install Node.js 22:
# Update system packages
sudo apt update && sudo apt upgrade -y
# Install Node.js 22 (required by OpenClaw)
curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
sudo apt install -y nodejs
# Verify installation
node --version # Should show v22.x.x
Why Node.js 22: OpenClaw requires Node 22+ for modern JavaScript features and performance improvements.
Expected: node --version returns v22.11.0 or higher.
Step 3: Install OpenClaw
# Run official installer
curl -fsSL https://openclaw.ai/install.sh | bash
# Start onboarding wizard with daemon
openclaw onboard --install-daemon
What the installer does:
- Detects Ubuntu and installs dependencies
- Clones OpenClaw repository
- Configures systemd service for auto-start
- Launches interactive setup wizard
Expected: After 90 seconds, you'll see the onboarding wizard prompt.
Step 4: Configure Through Onboarding Wizard
The wizard asks several questions. Here's how to answer for AWS deployment:
Question 1: "This is powerful and inherently risky. Continue?"
- Answer: yes
Question 2: "Configuration mode?"
- Select: QuickStart (configures safe defaults)
Question 3: "Which LLM provider?"
- Select: Anthropic (best compatibility with OpenClaw)
- Choose authentication method:
  - API Key: Paste your Anthropic API key
  - OAuth (Claude Max): Follow terminal instructions to run claude setup-token on your local machine, then paste the token
Question 4: "Configure channels?"
- Skip for now (you can add Telegram, WhatsApp later)
- Press Enter to continue
Question 5: "Install as daemon?"
- Answer: yes (enables auto-start on boot)
Expected: Wizard completes and shows "Gateway started on port 18789"
Step 5: Verify Gateway is Running
# Check service status
openclaw gateway status
You should see:
✓ Gateway daemon is running (PID: 1234)
✓ Control UI: http://127.0.0.1:18789
If it fails:
- Error: "Gateway not running": Start it manually with openclaw gateway --port 18789
- Port conflict: Check if something else uses 18789 with sudo lsof -i :18789
Step 6: Secure Access with SSH Tunnel
OpenClaw's Control UI runs on port 18789. Instead of exposing it publicly, use SSH tunneling.
On your local computer (not the EC2 instance):
# Forward EC2 port 18789 to your localhost:8080
ssh -i your-key.pem -L 8080:localhost:18789 ubuntu@YOUR_EC2_IP
Keep this terminal open. Now open your browser to:
http://localhost:8080
Why tunneling: Exposing port 18789 publicly means anyone can access your AI assistant. SSH tunneling keeps it private to your machine.
Expected: OpenClaw Control UI loads in browser showing dashboard.
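The tunnel is only the sole path to the Control UI if the gateway listens on loopback, as the status output in Step 5 shows. The following is an added example, not part of OpenClaw or the original guide: it parses the output of `ss -ltnH` (run on the instance) and reports any listener on port 18789 that is not bound to loopback. The sample output is constructed and the function names are hypothetical.

```python
import ipaddress

GATEWAY_PORT = 18789  # Control UI port used throughout this guide

# Constructed `ss -ltnH` output: gateway bound to loopback only.
SAMPLE_LOOPBACK = """\
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 511 [::1]:18789 [::]:*
"""
# Constructed `ss -ltnH` output: gateway bound to every interface.
SAMPLE_EXPOSED = """\
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:18789 *:*
"""

def listen_addresses(ss_output, port=GATEWAY_PORT):
    """Local addresses with a TCP listener on `port`."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, _, local_port = cols[3].rpartition(":")
        if local_port == str(port):
            found.append(host.strip("[]"))
    return found

def exposed_addresses(ss_output, port=GATEWAY_PORT):
    """Listener addresses on `port` that are not confined to loopback."""
    exposed = []
    for host in listen_addresses(ss_output, port):
        try:
            # Drop an interface scope such as "%lo" before parsing.
            if ipaddress.ip_address(host.split("%")[0]).is_loopback:
                continue
        except ValueError:
            pass  # "*" is the any-address wildcard, so it counts as exposed
        exposed.append(host)
    return exposed

if __name__ == "__main__":
    for name, text in (("loopback", SAMPLE_LOOPBACK), ("exposed", SAMPLE_EXPOSED)):
        print(name, listen_addresses(text), "->", exposed_addresses(text) or "OK")
```

An empty result means the security group is a second layer rather than the only thing between the gateway and the internet.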
Step 7: Test Your Setup
In the Control UI, click "New Chat" and send:
Test message: What's the current time in UTC?
Expected: OpenClaw responds within 3-5 seconds with current UTC time.
If it fails:
- No response: Check API key is valid with openclaw config get models.defaultModel
- Error 401: API key expired or incorrect. Reconfigure with openclaw onboard
Production Hardening
Enable Auto-Start After Reboot
The daemon is already configured, but verify:
# Check systemd service
sudo systemctl status openclaw-gateway
# Enable on boot (should already be enabled)
sudo systemctl enable openclaw-gateway
Test it: Reboot instance with sudo reboot, wait 2 minutes, reconnect and verify with openclaw gateway status.
Configure Security Group Properly
CRITICAL: Never allow 0.0.0.0/0 access to port 18789.
In AWS Console → EC2 → Security Groups:
Recommended rules:
- Port 22 (SSH): Your IP only
- Port 18789: Remove if using SSH tunnel, or restrict to your IP
Why this matters: A Shodan search shows exposed gateways on port 18789 with shell access, browser automation, and API keys available to anyone. Proper security group rules prevent this.
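One way to check the rules above without clicking through the console, as an added example that is not part of the original guide or of OpenClaw: it audits JSON in the shape returned by `aws ec2 describe-security-groups` and flags any ingress rule that opens port 22 or 18789 to more than a single host, including port ranges and "all traffic" rules that cover those ports. The group IDs and addresses in the sample are constructed, and the function names are hypothetical.

```python
import ipaddress

GATEWAY_PORT, SSH_PORT = 18789, 22  # ports this guide opens

# Constructed sample in the shape of `aws ec2 describe-security-groups` JSON.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 18000, "ToPort": 19000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

def covers(perm, port):
    """True if this ingress rule applies to TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no FromPort/ToPort
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def classify(cidr):
    """Grade a source range against the guide's "Your IP only" rule."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "world-open"
    return None if net.prefixlen == net.max_prefixlen else "wider-than-one-host"

def audit(doc, ports=(SSH_PORT, GATEWAY_PORT)):
    """Return (group, port, cidr, grade) for each rule that is too broad.
    Rules that reference other security groups or prefix lists are not checked."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in (p for p in ports if covers(perm, p)):
                findings += [(sg["GroupId"], port, c, classify(c))
                             for c in cidrs if classify(c)]
    return findings

if __name__ == "__main__":
    for gid, port, cidr, grade in audit(SAMPLE):
        print(f"{gid}: port {port} open to {cidr} ({grade})")
```

To audit a real account, pass `audit()` the result of `json.load` on the output of `aws ec2 describe-security-groups --output json`.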
Set Up Cloudflare Tunnel (Optional but Recommended)
For persistent access without SSH tunneling:
# Install Cloudflare Tunnel on EC2
curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared.deb
# Authenticate and create tunnel
cloudflared tunnel login
cloudflared tunnel create openclaw
Follow Cloudflare's instructions to route openclaw.yourdomain.com to localhost:18789.
Benefit: Secure HTTPS access without exposing ports or managing SSH tunnels.
Add Messaging Channels
Connect Telegram (Fastest)
- Message @BotFather on Telegram
- Create bot with /newbot command
- Copy the API token
- In OpenClaw Control UI → Settings → Channels → Add Telegram
- Paste token and save
Test: Message your bot on Telegram. It should respond instantly.
Why Telegram first: Telegram is the smoothest experience with no weird configuration or manifest files.
Connect WhatsApp (Requires Phone)
# In OpenClaw Control UI
Settings → Channels → Add WhatsApp
Follow QR code instructions to link your WhatsApp number.
Security tip: Use a separate WhatsApp number via Numero or similar services to isolate OpenClaw from personal communications.
Verification
Run these checks:
# 1. Gateway running
openclaw gateway status
# 2. Daemon auto-starts
sudo systemctl is-enabled openclaw-gateway
# 3. Check logs for errors
openclaw logs --tail 50
You should see:
- Gateway status: Running
- Service enabled: enabled
- Logs: No error messages, successful message routing
What You Learned
- AWS EC2 provides isolated, always-on environment for OpenClaw
- t3.medium (4 GB RAM) is minimum spec for stable operation
- SSH tunneling secures Control UI access without public exposure
- Security groups prevent unauthorized access to your AI assistant
Limitations:
- t3.medium costs ~$30/month (not free tier after first year)
- Requires managing AWS billing and monitoring
- API usage (Claude, OpenAI) is separate cost
When NOT to use AWS:
- You already have a Mac Mini or home server running 24/7
- You want to save money and can manage local hardware
- Your use case doesn't need internet-accessible webhooks