frontpage.

I work on AWS infrastructure (ex-Percona, Box, Dropbox, Pinterest). When OpenClaw blew up, I wanted to run it properly on AWS and was surprised by the default deployment story. The Lightsail blueprint shipped with 31 unpatched CVEs. The standard install guide uses three separate curl-pipe-sh patterns as root. Bitsight found 30,000+ exposed instances in two weeks. OpenClaw's own maintainer said "if you can't understand how to run a command line, this is far too dangerous."

So I built a Terraform module that replaces the defaults with what I'd consider production-grade:

* Cognito + ALB instead of a shared gateway token (per-user identity, MFA) * GPG-verified APT packages instead of curl|bash * systemd with ProtectHome=tmpfs and BindPaths sandboxing * Secrets Manager + KMS instead of plaintext API keys * EFS for persistence across instance replacement * CloudWatch logging with 365-day retention Bedrock is the default LLM provider so it works without any API keys. One terraform apply. Full security writeup: https://infrahouse.com/blog/2026-03-09-deploying-openclaw-on...

I'm sure I've missed things. What would you add or do differently for running an autonomous agent with shell access on a shared server?

Show HN: Channel Surfer – Watch YouTube like it’s cable TV

Show HN: Context Gateway – Compress agent context before it hits the LLM

Show HN: EdgeWhisper – On-device voice-to-text for macOS (Voxtral 4B via MLX)

Show HN: What was the world listening to? Music charts, 20 countries (1940–2025)

Show HN: Svglib a SVG parser and renderer for Windows

Show HN: Compressor.app – Compress almost any file format

Show HN: Hardened OpenClaw on AWS with Terraform

Show HN: Better HN – Realtime Comment Updates and Cleaner Look

Show HN: A single CLI to manage llama.cpp/vLLM/Ollama models

Show HN: Loop your agents like a dandy little b*tch

Show HN: Axe – A 12MB binary that replaces your AI framework

Show HN: ShellSelf – A Developer Portfolio That Feels Like Home

Show HN: Anthrology – Time-Traveling Radio

Show HN: Mutate – free inline text replacement for Mac

Show HN: DJX – Convention over Configuration for Django (Rails-Inspired CLI)

Show HN: An addendum to the Agile Manifesto for the AI era

Show HN: OneCLI – Vault for AI Agents in Rust

Show HN: Tiny macOS app that adds a facecam bubble to screen recordings

Show HN: Mjmx – render mjml using JSX

Show HN: AgentLog – a lightweight event bus for AI agents using JSONL logs

Show HN: Rudel – Claude Code Session Analytics

Show HN: Understudy – Teach a desktop agent by demonstrating a task once

Show HN: Execute local LLM prompts in remote SSH shell sessions

Show HN: s@: decentralized social networking over static sites

Show HN: AI milestone verification for construction using AWS

Show HN: RepoCrunch – CLI to analyze GitHub repos

Show HN: OpenClaw docs in Japanese, now open source

Show HN: Open-source browser for AI agents

Show HN: Mesa – A collaborative canvas IDE built for agent-first development

Show HN: OpenClaw-class agents on ESP32 (and the IDE that makes it possible)

Show HN: Hardened OpenClaw on AWS with Terraform

Show HN: Channel Surfer – Watch YouTube like it’s cable TV

Show HN: Context Gateway – Compress agent context before it hits the LLM

Show HN: EdgeWhisper – On-device voice-to-text for macOS (Voxtral 4B via MLX)

Show HN: What was the world listening to? Music charts, 20 countries (1940–2025)

Show HN: Svglib a SVG parser and renderer for Windows

Show HN: Compressor.app – Compress almost any file format

Show HN: Hardened OpenClaw on AWS with Terraform

Show HN: Better HN – Realtime Comment Updates and Cleaner Look

Show HN: A single CLI to manage llama.cpp/vLLM/Ollama models

Show HN: Loop your agents like a dandy little b*tch

Show HN: Axe – A 12MB binary that replaces your AI framework

Show HN: ShellSelf – A Developer Portfolio That Feels Like Home

Show HN: Anthrology – Time-Traveling Radio

Show HN: Mutate – free inline text replacement for Mac

Show HN: DJX – Convention over Configuration for Django (Rails-Inspired CLI)

Show HN: An addendum to the Agile Manifesto for the AI era

Show HN: OneCLI – Vault for AI Agents in Rust

Show HN: Tiny macOS app that adds a facecam bubble to screen recordings

Show HN: Mjmx – render mjml using JSX

Show HN: AgentLog – a lightweight event bus for AI agents using JSONL logs

Show HN: Rudel – Claude Code Session Analytics

Show HN: Understudy – Teach a desktop agent by demonstrating a task once

Show HN: Execute local LLM prompts in remote SSH shell sessions

Show HN: s@: decentralized social networking over static sites

Show HN: AI milestone verification for construction using AWS

Show HN: RepoCrunch – CLI to analyze GitHub repos

Show HN: OpenClaw docs in Japanese, now open source

Show HN: Open-source browser for AI agents

Show HN: Mesa – A collaborative canvas IDE built for agent-first development

Show HN: OpenClaw-class agents on ESP32 (and the IDE that makes it possible)