Amazon Elastic Compute Cloud (EC2) lets you run virtual machines on AWS infrastructure with flexible pricing and a free tier for new accounts. In this guide we will launch an EC2 instance and configure it securely so you can run IronClaw and expose it to the internet.
Do not feel like setting up your own infrastructure? You can install IronClaw with a few clicks on agent.near.ai
Create an EC2 Instance
Sign in to the AWS Management Console and navigate to EC2 → Instances → Launch Instances.
Configure the following:
- Name: choose a descriptive name (e.g.
ironclaw)
- AMI: Ubuntu Server 24.04 LTS (free tier eligible)
- Instance type:
t2.micro or t3.micro (free tier eligible) — sufficient for most use cases
- Key pair: click Create new key pair, give it a name, choose RSA and
.pem format, then download the file. Keep it in a safe place — you will not be able to download it again.
# Restrict permissions on the downloaded key (required by SSH)
chmod 400 ~/.ssh/your-key.pem
| Type | Protocol | Port | Source |
|---|
| SSH | TCP | 22 | My IP |
| HTTP | TCP | 80 | Anywhere |
| HTTPS | TCP | 443 | Anywhere |
Restricting SSH to My IP is strongly recommended. It prevents brute-force attacks from the open internet. You can update this rule later if your IP changes.
Click Launch Instance. AWS will take a few seconds to provision the instance.
Access Your Instance
Once the instance is running, find its Public IPv4 address in the Instances list.
Connect from your terminal using the .pem key you downloaded:
# Replace <KEY_PATH> and <IP_ADDRESS> accordingly
ssh -i <KEY_PATH> ubuntu@<IP_ADDRESS>
The default username for Ubuntu AMIs is ubuntu. For Amazon Linux AMIs it would be ec2-user.
Root Access
Unlike DigitalOcean Droplets, EC2 Ubuntu instances do not let you log in directly as root. Instead, the ubuntu user has passwordless sudo privileges. All privileged commands in this guide are prefixed with sudo so you can run them directly without switching users.
Now that we are inside the instance, we need to perform some initial configuration. We want to strengthen security by setting up a dedicated user and preparing the system for running IronClaw.
Update and Upgrade
First, make sure the system is up to date:
sudo apt update && sudo apt upgrade -y
Create a New User
It is good practice to create a dedicated user with sudo privileges instead of using ubuntu for all operations. You can create a new user (for example, ironclaw) and add it to the sudo group:
sudo adduser ironclaw
sudo usermod -aG sudo ironclaw
ubuntu to the new user so you can log in with the same key pair:
# Create the .ssh directory for the user
sudo mkdir -p /home/ironclaw/.ssh
# Copy the authorized_keys from the ubuntu user
sudo cp ~/.ssh/authorized_keys /home/ironclaw/.ssh/authorized_keys
# Set the correct ownership (critical — SSH will ignore the file otherwise)
sudo chown -R ironclaw:ironclaw /home/ironclaw/
sudo chmod 700 /home/ironclaw/.ssh
sudo chmod 600 /home/ironclaw/.ssh/authorized_keys
ssh -i <KEY_PATH> ironclaw@<IP_ADDRESS>
Do not move forward until you have confirmed that you can log in with the new user. If you lose access without another user set up, you will need to reset your instance and start over.
EC2 Security Groups already act as a network-level firewall. As long as your inbound rules are configured as shown above, no additional firewall configuration is needed on the instance itself.
Install IronClaw
Now that the instance is set up and secured, install IronClaw:
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/nearai/ironclaw/releases/latest/download/ironclaw-installer.sh | sh
We recommend using a session manager like tmux or screen so you can easily detach and reattach to your running IronClaw instance between SSH sessions.
Next Steps
Follow our Quickstart Guide to create your first agent, connect it to Telegram, and start exploring IronClaw’s capabilities.
Want to talk with your agent using a messaging app? Check out the Channels documentation to learn how to connect.
Need your agent to perform complex tasks that require multiple tools? Check out the Extensions documentation. 
