Quick Start

Zero to a hardened, Discord-connected OpenClaw agent on AWS EC2. All commands, no detours.

45 min Beginner Free tier Updated February 2026
Quick Start

Zero to Running in 45 Minutes

This is the condensed version. No explanations, no context, no detours - just the commands in the order you need them. If you get confused on any step or want to understand what you're actually doing, the full EC2 tutorial has you covered.

What you need before starting:
  • An AWS account - free tier covers everything here
  • A ChatGPT Plus account ($20/month) - used as the AI provider via OAuth
  • A Discord account - how you'll talk to your agent once it's running
  • Basic terminal comfort - copy, paste, press Enter
Prefer local hardware over AWS? Running OpenClaw on a mini PC costs nothing monthly after the initial purchase. The Mini PC Setup guide covers the same steps on local hardware. The Ryzen 7 6800H mini PC with 32GB RAM is what these tutorials were built and tested on. (affiliate link)

1. AWS Account & EC2 Instance

In AWS Console:

  1. Go to aws.amazon.com → Create account
  2. EC2 Dashboard → Launch instance
  3. Name: OpenClaw
  4. AMI: Ubuntu 24.04 LTS - free tier eligible
  5. Instance Type: t3.small (free tier)
  6. Key pair: Create new → name it openclaw-key → download .pem file
  7. Network: Default VPC
  8. Security Group: Create new with these inbound rules:
    • SSH port 22 from My IP only
    • HTTP port 80 from anywhere (0.0.0.0/0)
    • HTTPS port 443 from anywhere (0.0.0.0/0)
  9. Storage: 20 GB
  10. Launch → wait for "running" status → note the Public IPv4 address

2. SSH Setup & Security Prep

On your computer:

💻 Your Computer
chmod 600 ~/Downloads/openclaw-key.pem
ssh -i ~/Downloads/openclaw-key.pem ubuntu@YOUR_PUBLIC_AWS_IP

3. Server Hardening

On EC2 (logged in as ubuntu):

Step 1: Create admin user

☁️ AWS EC2
sudo adduser clawadmin
sudo usermod -aG sudo clawadmin

Set a password and hit enter through the rest.

Step 2: Copy SSH keys to clawadmin

☁️ AWS EC2
sudo mkdir -p /home/clawadmin/.ssh
sudo cp /home/ubuntu/.ssh/authorized_keys /home/clawadmin/.ssh/
sudo chown -R clawadmin:clawadmin /home/clawadmin/.ssh
sudo chmod 700 /home/clawadmin/.ssh
sudo chmod 600 /home/clawadmin/.ssh/authorized_keys

Step 3: Test clawadmin login (new terminal on your computer)

💻 Your Computer - new terminal
ssh -i ~/Downloads/openclaw-key.pem clawadmin@YOUR_PUBLIC_AWS_IP
If this fails - stop here and fix it before continuing. Don't lock yourself out. Go back through Step 2 and make sure the key copy worked.

Step 4: Enable UFW firewall (logged in as clawadmin)

☁️ AWS EC2
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp
sudo ufw enable

Type y when prompted.

Step 5: Harden SSH config

☁️ AWS EC2
sudo nano /etc/ssh/sshd_config

Use Ctrl+W to find each setting, uncomment it (remove the #), and match these values:

📝 sshd_config changes
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers clawadmin

AllowUsers clawadmin usually doesn't exist - add it as a new line at the bottom. Save: Ctrl+O, Enter, Ctrl+X. Then:

☁️ AWS EC2
sudo systemctl restart ssh

Step 6: Lock ubuntu user and install fail2ban

☁️ AWS EC2
sudo usermod -L ubuntu
sudo apt update
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

4. OpenClaw Installation

On EC2 (logged in as clawadmin):

Step 1: Install OpenClaw

☁️ AWS EC2
curl -fsSL https://openclaw.ai/install.sh | bash

The installer handles Node.js automatically and launches the onboarding wizard. If it starts onboarding straight away, skip to Step 2. If you need to install manually (Node.js 22.19+ minimum, 24 recommended):

☁️ AWS EC2 - manual install
sudo apt update && sudo apt install -y curl
curl -fsSL https://deb.nodesource.com/setup_24.x | sudo bash -
sudo apt install -y nodejs
sudo npm install -g openclaw@latest

Step 2: Run onboarding

☁️ AWS EC2
openclaw onboard --install-daemon
Safetyselect
Yes
Modeselect
QuickStart
Providerselect
OpenAI
Auth methodselect
OpenAI Codex (ChatGPT OAuth) - copy the URL shown, open it in your browser, authorize with your ChatGPT account, then copy the redirect URL from the address bar (http://localhost:1455/auth/callback?code=...) and paste it back into the terminal
Everything elseskip
Channels, skills, hooks, web browsing - Skip / No on all of them
Daemonaccept
Accept the systemd service install - this makes OpenClaw start on boot automatically

When the wizard finishes, select "Hatch in TUI" to drop into the Terminal User Interface.

You're live. Type a message and hit Enter. Your agent is connected to ChatGPT and running as a background service. Now let's give it a way to reach you anywhere.

5. Discord Setup

First: exit TUI to get back to the terminal. Press Ctrl+C twice in succession. You can re-enter any time with openclaw tui.

Step 1: Create a private Discord server

In Discord, click the + in the server list → Create My Own → For me and my friends. Name it something like "My OpenClaw". Create a channel called openclaw inside it.

Step 2: Create a Discord application and bot

  1. Go to discord.com/developers/applications
  2. New Application → name it OpenClaw → agree to terms → Create
  3. Left sidebar → Bot
  4. Click Reset Token → confirm → immediately click Copy and save it somewhere safe. Discord won't show it again without another reset.
  5. Click Save Changes

Step 3: Enable required intents

  1. Still on the Bot page, scroll to Privileged Gateway Intents
  2. Toggle on: Message Content Intent (required), Server Members Intent (required), Presence Intent (optional - enable it while you're here)
  3. Click Save Changes

Step 4: Generate invite link and add bot to your server

  1. Left sidebar → OAuth2 → URL Generator
  2. Scopes: check bot and applications.commands
  3. Permissions: View Channels, Send Messages, Read Message History, Embed Links, Attach Files, Add Reactions
  4. Copy the generated URL, paste it in your browser, select your private server, click Authorize

Step 5: Add Discord to your OpenClaw config

☁️ AWS EC2
nano ~/.openclaw/openclaw.json

Use Ctrl+W to search for "gateway". After the closing brace of the gateway block (add a comma after it if there isn't one), add:

📝 openclaw.json
"channels": {
  "discord": {
    "enabled": true,
    "token": "YOUR_BOT_TOKEN_FROM_STEP_2",
    "dmPolicy": "pairing"
  }
},

Save: Ctrl+O, Enter, Ctrl+X. Then restart:

☁️ AWS EC2
openclaw gateway restart

Wait 15-20 seconds. Your bot should appear online in Discord. DM it or @mention it in your #openclaw channel - it'll respond.

6. Security Checklist

You've already done the hardest parts (key-only SSH, IP-restricted access). Keep these habits:

  • Run openclaw update regularly to stay on the latest version
  • Run sudo apt update && sudo apt upgrade to keep the OS patched
  • Check openclaw logs --follow occasionally - abnormal activity shows up here
  • Never store API keys, passwords, or sensitive files where your agent can read them
  • If your bot token ever leaks - go straight to the Discord Developer Portal and reset it
  • Back up ~/.openclaw/ somewhere safe and offline
Back up to something physical. The Samsung T7 Shield 2TB is a solid choice - keep a copy of your OpenClaw config and keys on it. Same drive works for storing Ollama models if you ever add local AI to your stack. View Samsung T7 Shield on Amazon → (affiliate link)

Full prompt injection and security hardening guide - worth reading before you start using your agent with anything sensitive.

Done. You have a hardened, Discord-connected OpenClaw instance running 24/7 on AWS. Message it from your phone, your laptop, anywhere in the world.

Where to go from here: Full EC2 tutorial for deeper explanations on every step - or jump to Memory Architecture to make your agent actually know who you are.