frontpage.

I work on AWS infrastructure (ex-Percona, Box, Dropbox, Pinterest). When OpenClaw blew up, I wanted to run it properly on AWS and was surprised by the default deployment story. The Lightsail blueprint shipped with 31 unpatched CVEs. The standard install guide uses three separate curl-pipe-sh patterns as root. Bitsight found 30,000+ exposed instances in two weeks. OpenClaw's own maintainer said "if you can't understand how to run a command line, this is far too dangerous."

So I built a Terraform module that replaces the defaults with what I'd consider production-grade:

* Cognito + ALB instead of a shared gateway token (per-user identity, MFA) * GPG-verified APT packages instead of curl|bash * systemd with ProtectHome=tmpfs and BindPaths sandboxing * Secrets Manager + KMS instead of plaintext API keys * EFS for persistence across instance replacement * CloudWatch logging with 365-day retention Bedrock is the default LLM provider so it works without any API keys. One terraform apply. Full security writeup: https://infrahouse.com/blog/2026-03-09-deploying-openclaw-on...

I'm sure I've missed things. What would you add or do differently for running an autonomous agent with shell access on a shared server?

We visited "ground zero" for hospice fraud: Los Angeles, California

Hollywood Hacks OT: Cybersecurity Lessons from the Movies

40 Years of Wireless Evolution Leads to a Smart, Sensing Network

"Added 1M context window for Opus 4.6 by default for Max, Team, and Enterprise"

Could a Day Job Be the Foundation of an Artist's Success?

Japanese government makes indie game devs eligible for grants up to $60k USD

Pick one of catastrophic or equitable. Are founder clean breaks possible?

How the Strait of Hormuz closure affects global oil supply

Iran and Region Monitor of Attacks and Major Events

Smaller Than a Fingernail: Unboxing the Tiniest Books [video]

Electron microscopy shows 'mouse bite' defects in semiconductors

Show HN: diz – SSH key exchange in one command each side

The Playbook and Play-Engine Site (2003)

Digg cuts jobs after facing AI bot surge

macOS backups with Kopia and Backblaze (2023)

Dust Outbreak Reaches Europe

How the Iran War Threatens Big Tech's AI Data Center Buildout in the Middle East [video]

Harnessing eDNA to help conserve Australia's oceans

The AI that taught itself: Researchers show how AI can learn what it never knew

Execwall – firewall to stop ModelScope CVE-2026-2256 (AI agent command injectn)

Ask HN: Has anyone built an AI agent that spends real money?

Waitrose suspends sale of mackerel because of overfishing

High Grow Market Equilibrium After the Singularity

Stop repeating yourself to Claude Code

I beg you to follow Crocker's Rules, even if you will be rude to me

Computing in Freedom with GNU Emacs

Annette Obrestad: The teenage prodigy who won the first WSOP Europe Main Event

YC: Need more time to review application

Global Flood Hub by Google

Ninth Circuit Guts California's Kids Code Once Again

Show HN: Hardened OpenClaw on AWS with Terraform