Descriptions:
Stephanie Nyarko walks through the security hardening checklist she applies to every OpenClaw deployment on AWS, addressing the gap between experimenting locally and running an AI agent reliably and safely in the cloud. The video targets developers who have OpenClaw working on their laptop and want to move to a production-grade EC2 setup without accidentally exposing their agent’s dashboard or API keys to the internet.
The centerpiece recommendation is AWS Systems Manager (SSM) Session Manager for all admin access—an approach that eliminates the need to open any inbound network ports, including port 22 for SSH, while still providing full terminal access with built-in AWS-side auditability. For teams that do require SSH, Nyarko covers key pair creation (PEM format for macOS, PPK for Windows), the critical chmod 400 permission command that prevents SSH from rejecting an improperly permissioned key file, and best practices for secure key storage.
Additional hardening steps include scoping EC2 security groups to allow only necessary traffic, using Elastic IPs for a stable and predictable network identity, storing API keys in proper secrets management rather than pasting them into config files or screenshots, and setting cost controls to prevent runaway token spend. The deployment model throughout is Docker running on a T2 small EC2 instance, consistent with Nyarko’s previous OpenClaw setup video, making this a natural follow-on for that audience.
📺 Source: Stephanie Nyarko · Published February 27, 2026
🏷️ Format: Tutorial Demo
