srajasimman/terraform-aws-openclaw


Terraform AWS OpenClaw

A Terraform module to deploy OpenClaw on AWS EC2 with Tailscale integration. This module provisions a complete infrastructure including VPC, subnet, security groups, and an EC2 instance configured with OpenClaw, Docker, and Tailscale for secure remote access.

Features

  • 🚀 Automated deployment of OpenClaw on Ubuntu 24.04 LTS
  • 🤖 Multi-provider LLM support: Anthropic, OpenRouter, OpenAI, and OpenCode Zen
  • 🔐 Tailscale integration for secure remote access
  • 🐳 Docker pre-installed for container-based skills
  • 🔑 Automatic SSH key pair generation
  • 🌐 Complete VPC and networking setup
  • 🛡️ Gateway authentication with auto-generated tokens
  • ⚡ Idempotent user data script for safe re-runs

Architecture

This module deploys:

  • VPC with DNS support enabled
  • Internet Gateway for public connectivity
  • Public Subnet with auto-assigned public IPs
  • Security Group allowing SSH and egress traffic
  • EC2 Instance (t3.medium by default) running:
    • Ubuntu 24.04 LTS
    • Docker
    • Node.js (via NVM)
    • OpenClaw
    • Tailscale

Prerequisites

Usage

Basic Example

module "openclaw" {
  source = "github.com/srajasimman/terraform-aws-openclaw"

  region             = "us-east-1"
  instance_type      = "t3.medium"
  
  # LLM Provider (default: anthropic)
  llm_provider       = "anthropic"
  anthropic_api_key  = var.anthropic_api_key
  
  tailscale_auth_key = var.tailscale_auth_key
  tailnet_dns_name   = "your-tailnet.ts.net"
}

Using Different LLM Providers

OpenRouter:

module "openclaw" {
  source = "github.com/srajasimman/terraform-aws-openclaw"

  llm_provider       = "openrouter"
  openrouter_api_key = var.openrouter_api_key
  # ... other required variables
}

OpenAI:

module "openclaw" {
  source = "github.com/srajasimman/terraform-aws-openclaw"

  llm_provider    = "openai"
  openai_api_key  = var.openai_api_key
  # ... other required variables
}

OpenCode Zen:

module "openclaw" {
  source = "github.com/srajasimman/terraform-aws-openclaw"

  llm_provider         = "opencode-zen"
  opencode_zen_api_key = var.opencode_zen_api_key
  # ... other required variables
}

Complete Example

See examples/complete for a full working example.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.5 |
| aws | ~> 5.0 |
| tls | ~> 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.0 |
| tls | ~> 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_instance.this | resource |
| aws_internet_gateway.this | resource |
| aws_key_pair.this | resource |
| aws_route_table.this | resource |
| aws_route_table_association.this | resource |
| aws_security_group.this | resource |
| aws_subnet.this | resource |
| aws_vpc.this | resource |
| tls_private_key.gateway | resource |
| tls_private_key.ssh | resource |
| aws_ami.ubuntu | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| anthropic_api_key | Anthropic API key (required when llm_provider is 'anthropic') | string | "" | no |
| browser_port | Port for the OpenClaw browser service | number | 18791 | no |
| gateway_port | Port for the OpenClaw gateway service | number | 18789 | no |
| instance_type | EC2 instance type | string | "t3.medium" | no |
| llm_provider | LLM provider to use with OpenClaw (anthropic, openrouter, openai, or opencode-zen) | string | "anthropic" | no |
| openai_api_key | OpenAI API key (required when llm_provider is 'openai') | string | "" | no |
| opencode_zen_api_key | OpenCode Zen API key (required when llm_provider is 'opencode-zen') | string | "" | no |
| openrouter_api_key | OpenRouter API key (required when llm_provider is 'openrouter') | string | "" | no |
| region | AWS region to deploy resources | string | "us-east-1" | no |
| tailnet_dns_name | Tailnet DNS name (e.g., example.ts.net) | string | n/a | yes |
| tailscale_auth_key | Tailscale authentication key (reusable, ephemeral recommended) | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| gateway_token | Authentication token for the OpenClaw gateway |
| public_dns | Public DNS name of the EC2 instance |
| public_ip | Public IP address of the EC2 instance |
| ssh_private_key | Private SSH key for accessing the instance |
| tailscale_url_with_token | Full URL to access OpenClaw via Tailscale with token included |

Accessing OpenClaw

After deployment:

  1. Retrieve the gateway token:

    terraform output -raw gateway_token

  2. Access via Tailscale:

    terraform output tailscale_url_with_token

    Open this URL in your browser to access the OpenClaw control UI.

  3. SSH access (optional):

    terraform output -raw ssh_private_key > openclaw-key.pem
    chmod 600 openclaw-key.pem
    ssh -i openclaw-key.pem ubuntu@$(terraform output -raw public_ip)

How It Works

  1. Infrastructure Provisioning: Creates VPC, subnet, internet gateway, security groups, and EC2 instance
  2. SSH Keys: Generates ED25519 SSH key pairs for instance access
  3. Gateway Token: Derives a secure token from the gateway key pair
  4. User Data: Installs and configures:
    • Docker
    • Node.js via NVM
    • OpenClaw CLI
    • Tailscale
  5. OpenClaw Setup: Onboards OpenClaw with API key authentication and local mode
  6. Tailscale Integration: Configures Tailscale serve to expose the gateway securely

Security Considerations

  • πŸ” Gateway token is automatically generated and marked as sensitive
  • πŸ”‘ SSH private key is marked as sensitive in outputs
  • 🌐 OpenClaw gateway is exposed only via Tailscale (loopback binding)
  • ⚠️ SSH port 22 is open to 0.0.0.0/0 (consider restricting in production)
  • πŸ›‘οΈ All sensitive variables (API keys, auth keys) are marked as sensitive

Customization

Change Instance Type

module "openclaw" {
  source = "github.com/srajasimman/terraform-aws-openclaw"
  
  instance_type = "t3.large"  # More resources for complex tasks
  # ... other variables
}

Different Region

module "openclaw" {
  source = "github.com/srajasimman/terraform-aws-openclaw"
  
  region = "eu-west-1"  # Deploy in Europe
  # ... other variables
}

Troubleshooting

Check User Data Execution

ssh -i openclaw-key.pem ubuntu@$(terraform output -raw public_ip)
sudo tail -f /var/log/cloud-init-output.log

Verify OpenClaw Installation

ssh -i openclaw-key.pem ubuntu@$(terraform output -raw public_ip)
source ~/.nvm/nvm.sh
openclaw --version

Check Tailscale Status

ssh -i openclaw-key.pem ubuntu@$(terraform output -raw public_ip)
sudo tailscale status

Cost Estimation

Approximate monthly costs (us-east-1):

  • EC2 t3.medium: ~$30/month
  • EBS gp3 30GB: ~$2.40/month
  • Data transfer: Variable
  • Total: ~$32-35/month (excluding data transfer)

License

See LICENSE file for details.

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

References
