Copied to Clipboard
Windows PowerShell
Generate the key:
ssh-keygen-trsa-b4096-mPEM-f"$HOME\.ssh\openclaw-dev-key"-C"openclaw-lightsail"
Import it into Lightsail:
$pub=Get-Content"$HOME\.ssh\openclaw-dev-key.pub"-Rawawslightsailimport-key-pair`
--key-pair-nameopenclaw-dev-key`
--public-key-base64$pub`
--regionus-east-1
Validate it:
awslightsailget-key-pairs--regionus-east-1--query"keyPairs[?name=='openclaw-dev-key'].name"--outputtable
4. Bootstrap CDK
You only need to bootstrap once per AWS account and region.
Linux/macOS
./scripts/linux-mac/dev/bootstrap <ACCOUNT_ID> <REGION>
Windows PowerShell
.\scripts\windows\dev\bootstrap.ps1-AccountId<ACCOUNT_ID>-Region<REGION>
5. Run synth and diff
Before deploying, it is a good idea to synthesize the CloudFormation template and review the changes.
Linux/macOS
./scripts/linux-mac/dev/synth
./scripts/linux-mac/dev/diff
Windows PowerShell
.\scripts\windows\dev\synth.ps1.\scripts\windows\dev\diff.ps1
The diff step helps you review what CDK is going to create, update, or remove before applying the deployment.
6. Deploy
Now deploy the stack.
Linux/macOS
./scripts/linux-mac/dev/deploy
Windows PowerShell
.\scripts\windows\dev\deploy.ps1
When the deployment finishes, you should see outputs such as:
- InstanceName
- StaticIpName
- PublicIp
- BedrockRoleArn
7. Verify that everything is running
Connect to the instance using SSH.
Linux/macOS
ssh -i ~/.ssh/openclaw-dev-key ubuntu@<PUBLIC_IP>
Windows PowerShell
ssh-i"$HOME\.ssh\openclaw-dev-key"ubuntu@<PUBLIC_IP>
Then run a quick check:
- Open
http://<PUBLIC_IP> in your browser
- Verify the instance in the Lightsail console
- Confirm that the Bedrock IAM role exists
At this point, your OpenClaw deployment should be up and running on AWS Lightsail.
8. Destroy the stack when you are done
If this is just a test environment, do not forget to destroy the resources when you finish to avoid unnecessary costs.
Linux/macOS
./scripts/linux-mac/dev/destroy
Windows PowerShell
.\scripts\windows\dev\destroy.ps1
Troubleshooting
The KeyPair does not exist
This usually means one of the following:
- The key pair was not created or imported into Lightsail
- The key pair exists in another region
- The key pair is an EC2 key pair instead of a Lightsail key pair
To fix it, create or import the key pair in Lightsail and make sure it is in the correct AWS region.
Stack stuck in ROLLBACK_COMPLETE
If the stack failed and ended in ROLLBACK_COMPLETE, delete the failed stack and deploy again.
CDK Node.js warning
If CDK shows a warning related to Node.js, make sure you are using Node.js 22 LTS.
If you use nvm, run:
nvm use
Final thoughts
The main idea behind this project is not only to deploy an instance.
The real value is having a repeatable deployment process that does not depend on lost notes, forgotten manual steps, or one-time console configurations.
With AWS CDK, Python, uv, and Lightsail, you can keep the setup simple while still applying Infrastructure as Code practices from the beginning.
This makes the deployment easier to reproduce, easier to destroy, and easier to improve over time.