Show HN: Hardened OpenClaw on AWS with Terraform (github.com)

I work on AWS infrastructure (ex-Percona, Box, Dropbox, Pinterest). When OpenClaw blew up, I wanted to run it properly on AWS and was surprised by the default deployment story. The Lightsail blueprint shipped with 31 unpatched CVEs. The standard install guide uses three separate curl-pipe-sh patterns as root. Bitsight found 30,000+ exposed instances in two weeks. OpenClaw's own maintainer said "if you can't understand how to run a command line, this is far too dangerous."

So I built a Terraform module that replaces the defaults with what I'd consider production-grade:

* Cognito + ALB instead of a shared gateway token (per-user identity, MFA)
* GPG-verified APT packages instead of curl|bash
* systemd with ProtectHome=tmpfs and BindPaths sandboxing
* Secrets Manager + KMS instead of plaintext API keys
* EFS for persistence across instance replacement
* CloudWatch logging with 365-day retention

Bedrock is the default LLM provider so it works without any API keys. One terraform apply. Full security writeup: https://infrahouse.com/blog/2026-03-09-deploying-openclaw-on...

I'm sure I've missed things. What would you add or do differently for running an autonomous agent with shell access on a shared server?
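For readers who have not seen the ProtectHome=tmpfs plus BindPaths pattern the post mentions, here is an illustrative systemd unit showing how it fits together with the other filesystem and privilege restrictions. This is an added example, not the unit file shipped by the Terraform module or by OpenClaw; the service account `openclaw`, the install prefix `/opt/openclaw`, the `openclaw-gateway` binary name, the EFS mount at `/mnt/efs/openclaw` and the environment file under `/run/openclaw` are all assumptions made for the example.

```ini
# /etc/systemd/system/openclaw.service
# Illustrative hardened unit. Every path and account name below is assumed.
[Unit]
Description=OpenClaw agent gateway (sandboxed)
After=network-online.target remote-fs.target
Wants=network-online.target

[Service]
User=openclaw
Group=openclaw
WorkingDirectory=/opt/openclaw
ExecStart=/opt/openclaw/bin/openclaw-gateway
Restart=on-failure

# Filesystem view.
# strict: the whole tree is read-only except /dev, /proc, /sys.
ProtectSystem=strict
# tmpfs: /home, /root and /run/user become empty read-only tmpfs mounts,
# so an agent running shell commands cannot read any other user's files.
ProtectHome=tmpfs
PrivateTmp=yes
# BindPaths re-exposes exactly one writable directory inside the emptied
# home: the assumed EFS mount, so state survives instance replacement.
# The bind target is exempt from the strict read-only remount, so it stays
# writable without a separate ReadWritePaths= entry.
BindPaths=/mnt/efs/openclaw:/home/openclaw/.openclaw
# CA bundle for outbound TLS to Bedrock/AWS APIs, read-only.
BindReadOnlyPaths=/etc/ssl/certs
# Secrets arrive via a 0600 file populated at boot from Secrets Manager
# (assumed path); nothing is hard-coded in the unit or the image.
EnvironmentFile=-/run/openclaw/env

# Privilege containment.
NoNewPrivileges=yes
CapabilityBoundingSet=
AmbientCapabilities=
RestrictSUIDSGID=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProcSubset=pid
LockPersonality=yes
RestrictRealtime=yes
RestrictNamespaces=yes
RemoveIPC=yes
# AF_NETLINK is kept because glibc getifaddrs() uses it; drop it if the
# runtime never enumerates interfaces.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallArchitectures=native
UMask=0077
# MemoryDenyWriteExecute=yes is deliberately omitted: JIT runtimes such as
# Node need writable+executable pages and will crash under it.

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload`, `systemd-analyze security openclaw.service` prints a per-directive exposure table and an overall score, which is a quick way to confirm the sandbox directives actually took effect on the installed systemd version. A second practical check is to start an interactive shell with the same restrictions, for example `systemd-run -p ProtectHome=tmpfs -p BindPaths=/mnt/efs/openclaw:/home/openclaw/.openclaw -t ls -la /home /root`, and verify that only the bind-mounted directory is visible and writable.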

Mooshux 3 hours ago

The CVE count on the Lightsail blueprint is the part that gets me. 31 unpatched CVEs in the default install is not a hardening problem, it's a baseline hygiene problem. The hardening hasn't even started yet.

The curl-pipe-sh-as-root pattern is endemic to self-hosted AI agent tooling right now. Everyone's moving fast, nobody's thinking about the install footprint. The Bitsight 30k exposed instances number makes more sense when you see what the install process looks like.

Good Terraform module. One thing worth adding if you haven't: credential scoping at the agent level, not just network-level hardening. A hardened perimeter with over-privileged agents inside is still a single compromise away from full blast radius.

aleks2 3 hours ago

Right now the module handles secrets at the infrastructure layer (Secrets Manager + KMS, IAM least-privilege for the EC2 instance), but you're right - agent-level credential scoping is a genuinely different problem that it doesn't address yet. Great feedback, adding it to the roadmap.

On the CVE count - yeah, it really is a baseline hygiene problem, not a hardening problem. The hardening conversation can't even begin until you have a clean image. The fact that this is the default recommended deployment for a tool with 300K users is pretty telling about where the industry is right now. Everyone's shipping "deploy your AI agent in 5 minutes" experiences where minute six is when someone else's agent is running on your infrastructure too.

cloudez 12 hours ago

Can I deploy it using Skill?

aleks2 9 hours ago

Thanks for the interest! The module is standard Terraform - you'd consume it like any other module from the registry or GitHub source. So anything that can run `terraform apply` should work.

That said, I'm not 100% sure which "Skill" you mean - is it the Kubiya skill runtime (skill-ai.dev)? If so, it already has Terraform integration, so wrapping this module should be straightforward.

Happy to help if you run into anything.