Your own AI assistant on AWS — connects to WhatsApp, Telegram, Discord, Slack. Powered by Amazon Bedrock. No API keys. One-click deploy. ~$40/month.
English | 简体中文
OpenClaw is the fastest-growing open-source AI assistant — it runs on your hardware, connects to your messaging apps, and actually does things: manages email, browses the web, runs commands, schedules tasks.
The problem: setting it up means managing API keys from multiple providers, configuring VPNs, and handling security yourself.
This project solves that. One CloudFormation stack gives you:
- Amazon Bedrock for model access — 10 models, one unified API, IAM authentication (no API keys)
- Graviton ARM instances — 20-40% cheaper than x86
- SSM Session Manager — secure access without opening ports
- VPC Endpoints — traffic stays on AWS private network
- CloudTrail — every API call audited automatically
Deploy in 8 minutes. Access from your phone.
- Click "Launch Stack" for your region
- Select an EC2 key pair
- Wait ~8 minutes
- Check the Outputs tab
| Region | Launch |
|---|---|
| US West (Oregon) |  |
| US East (Virginia) | |
| EU (Ireland) | |
| Asia Pacific (Tokyo) | |
Prerequisites: Enable Bedrock models in the Bedrock Console and create an EC2 key pair in your target region.
🦞 Just open the Web UI and say hi. All messaging plugins (WhatsApp, Telegram, Discord, Slack, Feishu) are pre-installed. Tell your OpenClaw which platform you want to connect — it will guide you through the entire setup step by step. No manual configuration needed.
# 1. Install SSM Session Manager Plugin (one-time)
# https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
# 2. Start port forwarding (keep terminal open)
INSTANCE_ID=$(aws cloudformation describe-stacks \
--stack-name openclaw-bedrock \
--query 'Stacks[0].Outputs[?OutputKey==`InstanceId`].OutputValue' \
--output text --region us-west-2)
aws ssm start-session \
--target $INSTANCE_ID \
--region us-west-2 \
--document-name AWS-StartPortForwardingSession \
--parameters '{"portNumber":["18789"],"localPortNumber":["18789"]}'
# 3. Get your token (in a second terminal)
TOKEN=$(aws ssm get-parameter \
--name /openclaw/openclaw-bedrock/gateway-token \
--with-decryption \
--query Parameter.Value \
--output text --region us-west-2)
# 4. Open in browser
echo "http://localhost:18789/?token=$TOKEN"aws cloudformation create-stack \
--stack-name openclaw-bedrock \
--template-body file://clawdbot-bedrock.yaml \
--parameters ParameterKey=KeyPairName,ParameterValue=your-keypair \
--capabilities CAPABILITY_IAM \
--region us-west-2
aws cloudformation wait stack-create-complete \
--stack-name openclaw-bedrock --region us-west-2Prefer a guided experience? Kiro walks you through deployment conversationally — just open this repo as a workspace and say "help me deploy OpenClaw".
Once deployed, connect your preferred platform in the Web UI under "Channels":
| Platform | Setup | Guide |
|---|---|---|
| Scan QR code from your phone | docs | |
| Telegram | Create bot via @BotFather, paste token | docs |
| Discord | Create app in Developer Portal, paste bot token | docs |
| Slack | Create app at api.slack.com, install to workspace | docs |
| Microsoft Teams | Requires Azure Bot setup | docs |
| Lark / Feishu | Community plugin: openclaw-feishu | — |
Full platform docs: docs.openclaw.ai
Once connected, just message it:
You: What's the weather in Tokyo?
You: Summarize this PDF [attach file]
You: Remind me every day at 9am to check emails
You: Open google.com and search for "AWS Bedrock pricing"
| Command | What it does |
|---|---|
/status |
Show model, tokens used, cost |
/new |
Start fresh conversation |
/think high |
Enable deep reasoning mode |
/help |
List all commands |
Voice messages work on WhatsApp and Telegram — OpenClaw transcribes and responds.
You (WhatsApp/Telegram/Discord)
│
▼
┌─────────────────────────────────────────────┐
│ AWS Cloud │
│ │
│ EC2 (OpenClaw) ──IAM──▶ Bedrock │
│ │ (Nova/Claude) │
│ │ │
│ VPC Endpoints CloudTrail │
│ (private network) (audit logs) │
└─────────────────────────────────────────────┘
│
▼
You (receive response)
- EC2: Runs OpenClaw gateway (~1GB RAM)
- Bedrock: Model inference via IAM (no API keys)
- SSM: Secure access, no public ports
- VPC Endpoints: Private network to Bedrock (optional, +$22/mo)
Switch models with one CloudFormation parameter — no code changes:
| Model | Input/Output per 1M tokens | Best for |
|---|---|---|
| Nova 2 Lite (default) | $0.30 / $2.50 | Everyday tasks, 90% cheaper than Claude |
| Nova Pro | $0.80 / $3.20 | Balanced performance, multimodal |
| Claude Sonnet 4.5 | $3.00 / $15.00 | Complex reasoning, coding |
| Claude Haiku 4.5 | $1.00 / $5.00 | Fast and efficient |
| DeepSeek R1 | $0.55 / $2.19 | Open-source reasoning |
| Llama 3.3 70B | — | Open-source alternative |
| Kimi K2.5 | $0.60 / $3.00 | Multimodal agentic, 262K context |
Uses Global CRIS profiles — deploy in any region, requests auto-route to optimal locations.
| Component | Cost |
|---|---|
| EC2 (t4g.medium, Graviton) | $24 |
| EBS (30GB gp3) | $2.40 |
| VPC Endpoints (optional) | $22 |
| Bedrock (Nova 2 Lite, ~100 conv/day) | $5-8 |
| Total | $31-56 |
- Use Nova 2 Lite instead of Claude → 90% cheaper
- Use Graviton (ARM) instead of x86 → 20-40% cheaper
- Skip VPC Endpoints → save $22/mo (less secure)
- AWS Savings Plans → 30-40% off EC2
| Option | Cost | What you get |
|---|---|---|
| ChatGPT Plus | $20/person/month | Single user, no integrations |
| This project (5 users) | ~$10/person/month | Multi-user, WhatsApp/Telegram/Discord, full control |
| Local Mac Mini | $0 server + $20-30 API | Hardware cost, manage yourself |
| Type | Monthly | RAM | Architecture | Use case |
|---|---|---|---|---|
| t4g.small | $12 | 2GB | Graviton ARM | Personal |
| t4g.medium | $24 | 4GB | Graviton ARM | Small teams (default) |
| t4g.large | $48 | 8GB | Graviton ARM | Medium teams |
| c7g.xlarge | $108 | 8GB | Graviton ARM | High performance |
| t3.medium | $30 | 4GB | x86 | x86 compatibility |
| Parameter | Default | Description |
|---|---|---|
OpenClawModel |
Nova 2 Lite | Bedrock model ID |
InstanceType |
c7g.large | EC2 instance type |
CreateVPCEndpoints |
true | Private networking (+$22/mo) |
EnableSandbox |
true | Docker isolation for code execution |
CreateS3Bucket |
true | S3 bucket for file sharing skill |
InstallS3FilesSkill |
true | Auto-install S3 file sharing |
KeyPairName |
none | EC2 key pair (optional, for emergency SSH) |
Best for most users. Fixed cost, full control, 24/7 availability.
Multi-Tenant Platform (AgentCore Runtime) — README_AGENTCORE.md
✅ E2E verified — Full pipeline running: IM → Gateway → Bedrock H2 Proxy → Tenant Router → AgentCore Firecracker microVM → OpenClaw CLI → Bedrock → response. Demo Guide →
Turn OpenClaw from a single-user tool into an enterprise platform: every employee gets an isolated AI assistant in a Firecracker microVM, with shared skills, centralized governance, and per-tenant permissions. Zero changes to OpenClaw code.
Telegram/WhatsApp message
→ OpenClaw Gateway (IM channels, Web UI)
→ Bedrock H2 Proxy (intercepts AWS SDK HTTP/2 calls)
→ Tenant Router (derives tenant_id per employee)
→ AgentCore Runtime (Firecracker microVM, per-tenant isolation)
→ OpenClaw CLI → Bedrock Nova 2 Lite
→ Response returns to employee's IM
| What you get | How | Status |
|---|---|---|
| Tenant isolation | Firecracker microVM per user (AgentCore Runtime) | ✅ Verified |
| Shared model access | One Bedrock account, per-tenant metering (~$1-2/person/month) | ✅ Verified |
| Per-tenant permission profiles | SSM-based rules, Plan A (prompt injection) + Plan E (audit) | ✅ Verified |
| IM channel management | Same setup as single-user (WhatsApp/Telegram/Discord) | ✅ Verified |
| Zero OpenClaw code changes | All management via external layers (proxy, router, entrypoint) | ✅ Verified |
| Shared skills with bundled SaaS keys | Install once, authorize per tenant | 🔜 Next |
| Human approval workflow | Auth Agent → admin notification → approve/reject | 🔜 Next |
| Elastic compute | Auto-scaling microVMs, burst capacity, pay-per-use | ✅ Verified |
| Metric | Value |
|---|---|
| Cold start (user-perceived) | ~3s (fast-path direct Bedrock) |
| Cold start (real microVM) | ~22-25s (background, user doesn't wait) |
| Warm request | ~5-10s |
| Cost for 50 users | |
| vs ChatGPT Plus (50 users) | $1,000/month |
→ Full Multi-Tenant Guide · → Demo Guide · → Roadmap
🏢 Enterprise Digital Workforce Platform — enterprise/
NEW — Turn OpenClaw into a centrally managed digital workforce for your entire organization. Each employee gets a role-specific AI agent with unique identity, permissions, memory, and knowledge — all governed by IT, without modifying a single line of OpenClaw code.
Built on top of the Multi-Tenant AgentCore Runtime, the Enterprise platform adds:
┌─────────────────────────────────────────────────────────┐
│ Admin Console (19 pages) + Employee Portal (5 pages) │
│ React + Tailwind + FastAPI + DynamoDB + S3 │
├─────────────────────────────────────────────────────────┤
│ Three-Layer SOUL Architecture │
│ Global (IT locked) → Position (dept admin) → Personal │
│ Same LLM, completely different agent identities │
├─────────────────────────────────────────────────────────┤
│ Enterprise Controls │
│ RBAC (admin/manager/employee) · Skill governance │
│ Audit trail + AI anomaly detection · Usage tracking │
│ Memory persistence · Knowledge base (Markdown in S3) │
└─────────────────────────────────────────────────────────┘
| Design Principle | What It Means |
|---|---|
| Zero invasion | Controls OpenClaw via workspace files (SOUL.md, TOOLS.md). No fork, no patch. Upgrade OpenClaw independently. |
| Serverless-first | Firecracker microVM per request via AgentCore. 20 agents = ~$65/mo (vs ChatGPT Team $500/mo). |
| Security by design | No open ports, no hardcoded credentials, tenant isolation, IAM least privilege, comprehensive audit. |
| File-first knowledge | Markdown in S3, not a vector DB. Zero infra cost, human-readable, scope-controlled. |
| What's Included | Details |
|---|---|
| 24 pages | Dashboard, Org Tree, Agents, SOUL Editor, Workspace, Skills, Knowledge, Monitor, Audit, Usage, Approvals, Settings, Playground + 5 Portal pages |
| 35+ API endpoints | FastAPI with DynamoDB single-table design, S3 operations, JWT auth |
| 3-role RBAC | Admin (full), Manager (department-scoped), Employee (portal only) |
| 10 SOUL templates | SA, SDE, DevOps, QA, AE, PM, Finance, HR, CSM, Legal |
| 26 skills | Role-filtered with allowedRoles/blockedRoles manifests |
| Sample org | 20 employees, 20 agents, 13 departments — seed scripts included |
→ Enterprise Platform Guide · → Enterprise Roadmap
| Type | Chip | RAM | Monthly |
|---|---|---|---|
| mac2.metal | M1 | 16GB | $468 |
| mac2-m2.metal | M2 | 24GB | $632 |
| mac2-m2pro.metal | M2 Pro | 32GB | $792 |
24-hour minimum allocation. Only use for Apple development workflows — Linux is 12x cheaper for general use.
| Region | Launch |
|---|---|
| US West (Oregon) | |
| US East (Virginia) | |
Uses SiliconFlow (DeepSeek, Qwen, GLM) instead of Bedrock. Requires a SiliconFlow API key.
| Region | Launch |
|---|---|
| cn-north-1 (Beijing) | |
| cn-northwest-1 (Ningxia) | |
→ China Deployment Guide (中国区部署指南)
| Layer | What it does |
|---|---|
| IAM Roles | No API keys — automatic credential rotation |
| SSM Session Manager | No public ports, session logging |
| VPC Endpoints | Bedrock traffic stays on private network |
| SSM Parameter Store | Gateway token stored as SecureString, never on disk |
| Supply-chain protection | Docker via GPG-signed repos, NVM via download-then-execute (no curl | sh) |
| Docker Sandbox | Isolates code execution in group chats |
| CloudTrail | Every Bedrock API call audited |
Optional extensions for OpenClaw:
- S3 Files Skill — Upload and share files via S3 with pre-signed URLs (auto-installed by default)
- Kiro CLI Skill — AI-powered coding via Kiro CLI
- AWS Backup Skill — S3 backup/restore with optional KMS encryption
# Start interactive session
aws ssm start-session --target i-xxxxxxxxx --region us-east-1
# Switch to ubuntu user
sudo su - ubuntu
# Run OpenClaw commands
openclaw --version
openclaw gateway statusCommon issues and fixes: TROUBLESHOOTING.md
Step-by-step deployment guide: DEPLOYMENT.md
We're building the enterprise OpenClaw platform in the open — from single-user deployment to multi-tenant digital workforce. Whether you're an enterprise architect, a skill developer, a security researcher, or just someone who wants a better AI assistant, there's a place for you.
Areas where we need help most:
- Enterprise platform testing (RBAC, SOUL injection, permission boundaries)
- End-to-end multi-tenant testing
- Skills with bundled SaaS credentials (Jira, Salesforce, SAP)
- Agent-to-agent orchestration
- Cost benchmarking (AgentCore vs EC2)
- Security audits and penetration testing
→ Roadmap · → Contributing Guide · → GitHub Issues
- OpenClaw Docs · OpenClaw GitHub
- Amazon Bedrock Docs · SSM Session Manager
- OpenClaw on Lightsail (official AWS blog)
- This Project: GitHub Issues
- OpenClaw: GitHub Issues · Discord
- AWS Bedrock: AWS re:Post
Built with Kiro 🦞