Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ironclaw.com/llms.txt

Use this file to discover all available pages before exploring further.

Amazon Elastic Compute Cloud (EC2) lets you run virtual machines on AWS infrastructure with flexible pricing and a free tier for new accounts. In this guide we will launch an EC2 instance and configure it securely so you can run IronClaw and expose it to the internet.
Do not feel like setting up your own infrastructure? You can install IronClaw with a few clicks on agent.near.ai

Create an EC2 Instance

Sign in to the AWS Management Console and navigate to EC2 → Instances → Launch Instances. Launch instance Configure the following:
  • Name: choose a descriptive name (e.g. ironclaw)
  • AMI: Ubuntu Server 24.04 LTS (free tier eligible)
  • Instance type: t2.micro or t3.micro (free tier eligible) — sufficient for most use cases
  • Key pair: click Create new key pair, give it a name, choose RSA and .pem format, then download the file. Keep it in a safe place — you will not be able to download it again.
Key pair creation dialog 
# Restrict permissions on the downloaded key (required by SSH)
chmod 400 ~/.ssh/your-key.pem
Under Network settings, click Edit and make sure the following inbound rules are set in the security group:
TypeProtocolPortSource
SSHTCP22My IP
HTTPTCP80Anywhere
HTTPSTCP443Anywhere
Restricting SSH to My IP is strongly recommended. It prevents brute-force attacks from the open internet. You can update this rule later if your IP changes.
EC2 instance configuration Click Launch Instance. AWS will take a few seconds to provision the instance.

Access Your Instance

Once the instance is running, find its Public IPv4 address in the Instances list. EC2 instance IP address Connect from your terminal using the .pem key you downloaded: 
# Replace <KEY_PATH> and <IP_ADDRESS> accordingly
ssh -i <KEY_PATH> ubuntu@<IP_ADDRESS>
The default username for Ubuntu AMIs is ubuntu. For Amazon Linux AMIs it would be ec2-user.

Root Access

Unlike DigitalOcean Droplets, EC2 Ubuntu instances do not let you log in directly as root. Instead, the ubuntu user has passwordless sudo privileges. All privileged commands in this guide are prefixed with sudo so you can run them directly without switching users.

Configure Your Instance

Now that we are inside the instance, we need to perform some initial configuration. We want to strengthen security by setting up a dedicated user and preparing the system for running IronClaw.

Update and Upgrade

First, make sure the system is up to date: 
sudo apt update && sudo apt upgrade -y

Create a New User

It is good practice to create a dedicated user with sudo privileges instead of using ubuntu for all operations. You can create a new user (for example, ironclaw) and add it to the sudo group: 
sudo adduser ironclaw
sudo usermod -aG sudo ironclaw
Copy the SSH keys from ubuntu to the new user so you can log in with the same key pair: 
# Create the .ssh directory for the user
sudo mkdir -p /home/ironclaw/.ssh

# Copy the authorized_keys from the ubuntu user
sudo cp ~/.ssh/authorized_keys /home/ironclaw/.ssh/authorized_keys

# Set the correct ownership (critical — SSH will ignore the file otherwise)
sudo chown -R ironclaw:ironclaw /home/ironclaw/
sudo chmod 700 /home/ironclaw/.ssh
sudo chmod 600 /home/ironclaw/.ssh/authorized_keys
Open a new terminal window and confirm you can log in with the new user before continuing: 
ssh -i <KEY_PATH> ironclaw@<IP_ADDRESS>
Do not move forward until you have confirmed that you can log in with the new user. If you lose access without another user set up, you will need to reset your instance and start over.
EC2 Security Groups already act as a network-level firewall. As long as your inbound rules are configured as shown above, no additional firewall configuration is needed on the instance itself.

Install IronClaw

Now that the instance is set up and secured, install IronClaw: 
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/nearai/ironclaw/releases/latest/download/ironclaw-installer.sh | sh
Then start IronClaw and follow the instructions to complete the setup: 
ironclaw
We recommend using a session manager like tmux or screen so you can easily detach and reattach to your running IronClaw instance between SSH sessions.

Next Steps

Follow our Quickstart Guide to create your first agent, connect it to Telegram, and start exploring IronClaw’s capabilities. Want to talk with your agent using a messaging app? Check out the Channels documentation to learn how to connect. Need your agent to perform complex tasks that require multiple tools? Check out the Extensions documentation.