OpenClaw AWS Deploy

Deploy OpenClaw securely on AWS with a single command. Creates VPC, EC2 (ARM64), Telegram channel, and configurable AI model (Bedrock, Gemini, or any provide...

This repository appears to genuinely implement a one-shot AWS deployer for OpenClaw, but take these precautions before running: - Inspect .env files: TELEGRAM_BOT_TOKEN is required and will be written into SSM Parameter Store for the instance to read. Do not put high-value secrets here unless you accept SSM storage. - Use a dedicated deployer identity/account or a dedicated IAM role/profile. The helper role/policy exercises broad EC2/SSM/IAM permissions needed to create and tear down resources; run setup_deployer_role.sh --dry-run to review the exact policy JSON before creating it. - Confirm Bedrock permissions: the deployment will add Bedrock invoke permissions to the instance role even if you don't plan to use Bedrock; if you require stricter controls, modify the instance role policy to a model allowlist before granting bedrock:InvokeModel. - Prefer --dry-run and preflight: run scripts/preflight.sh and use deploy scripts' dry-run mode to see actions that would be taken. - Verify network downloads you are comfortable with (Node tarball from nodejs.org, npm/git during instance bootstrap). If you need an air-gapped or fully-audited bootstrap, prepare your own AMI or adjust user-data to use curated artifacts. - Do not run this from an admin/root account you care about; review all scripts (deploy_minimal.sh, setup_deployer_role.sh, teardown.sh) end-to-end before executing. If you want, I can: (1) point out the exact lines in the scripts that create IAM/SSM resources, (2) extract the inline IAM policy that would be applied, or (3) produce a safe checklist (dry-run steps and minimal permissions) you can follow before running the deploy.

Type: OpenClaw Skill Name: openclaw-aws-deploy Version: 1.0.0 The skill is classified as suspicious due to an overly permissive IAM policy defined in `scripts/setup_deployer_role.sh`. The `SSMParameterStore` statement grants `ssm:*` actions on `Resource: "*"`, allowing the deployer identity to access, modify, or delete *any* SSM parameter in the AWS account, not just those scoped to the OpenClaw deployment. This represents a significant privilege escalation vulnerability. While the skill otherwise demonstrates strong security practices (e.g., SHA256 verification for Node.js, runtime secret fetching from SSM, SSM-only access, IMDSv2 enforcement, robust input validation, and explicit safety rules in agent `SOUL.md`/`AGENTS.md`), this IAM flaw is a critical vulnerability that could be exploited if the deployer's credentials are compromised.