
tianpeijun/openclaw


OpenClaw on AWS EKS Auto Mode

Production-grade deployment of the OpenClaw multi-tenant AI agent platform on Amazon EKS Auto Mode, powered by Amazon Bedrock (Claude Sonnet 4.6).

Architecture

  • Amazon EKS Auto Mode (us-east-1) — managed control plane + nodes + storage + autoscaling
  • Amazon Bedrock — Claude family foundation models via VPC Endpoint
  • Amazon EFS — persistent workspace storage with per-tenant Access Points
  • NLB + EnvoyGateway — single entry point with subdomain-based multi-tenant routing
  • Feishu/Lark Channel — WebSocket-based bot integration for enterprise messaging

Quick Start

Prerequisites: AWS CLI ≥ 2.0, kubectl ≥ 1.31, an AWS account with Bedrock model access enabled.

# 1. Create S3 bucket for nested templates
aws s3 mb s3://openclaw-cfn-templates-<YOUR-ACCOUNT-ID> --region us-east-1

# 2. Package templates
aws cloudformation package \
  --template-file cloudformation/root-stack.yaml \
  --s3-bucket openclaw-cfn-templates-<YOUR-ACCOUNT-ID> \
  --output-template-file packaged-root.yaml

# 3. Deploy (~15 min)
aws cloudformation deploy \
  --template-file packaged-root.yaml \
  --stack-name openclaw-prod \
  --parameter-overrides \
    TargetAccountId=<YOUR-ACCOUNT-ID> \
    AlarmEmail=<YOUR-EMAIL> \
  --capabilities CAPABILITY_NAMED_IAM \
  --region us-east-1

See DEPLOY.md for the complete deployment guide with post-deploy configuration and troubleshooting of 27+ real-world issues.

Repository Layout

cloudformation/          9 nested CFN templates (network / security / storage /
                         cluster / auth / ingress / monitoring / tenant / root)
k8s-manifests/           Kubernetes patches (initContainer config, Bedrock env,
                         manually-applied tenant resources)
tests/                   Property-based tests (hypothesis + pytest, 10 properties
                         × 100 iterations) + integration validation
.kiro/specs/             Spec-driven development docs (requirements / design / tasks)
DEPLOY.md                Complete deployment guide + 27-issue troubleshooting log

Key Design Choices

| Area | Choice | Rationale |
|---|---|---|
| Container image | ghcr.io/openclaw/openclaw:2026.4.15 (pinned) | 2026.5.x has a Feishu plugin ESM bug (__dirname is not defined) |
| Bedrock auth | Long-term API Key via K8s Secret | POC-friendly; production should migrate to IRSA SigV4 |
| Multi-tenancy | Namespace + NetworkPolicy + per-tenant IRSA | Enables CloudTrail-based per-tenant Bedrock usage tracking |
| Storage | EFS PVC (workspace) + emptyDir (session) | Persistent skills/memory survive Pod restart; session history is ephemeral |
| Ingress | NLB TCP passthrough + EnvoyGateway | Supports WebSocket/streaming required by OpenClaw TUI and Channels |

Version Policy

Do not use :latest. OpenClaw container images must be pinned to a community-verified stable version. See the section "版本选型详解" ("Version selection in detail") of .kiro/specs/openclaw-eks-deploy/design.md for the compatibility matrix.
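
One way to enforce this policy before applying manifests, as an added example that is not part of this repository's code: it scans Kubernetes YAML text for image references that carry no tag or the :latest tag. The function names, the sample manifest and the registry.example.internal host are constructed for illustration.

```python
import re

# Matches `image: <ref>` lines in Kubernetes YAML (optionally list-item or quoted).
IMAGE_LINE = re.compile(r'^\s*(?:-\s*)?image:\s*["\']?([^"\'\s#]+)', re.MULTILINE)

def classify(ref):
    """Return 'digest', 'pinned', 'latest' or 'untagged' for an image reference."""
    if "@sha256:" in ref:
        return "digest"
    # A tag is a colon in the last path component; a colon earlier is a registry port.
    last = ref.rsplit("/", 1)[-1]
    if ":" not in last:
        return "untagged"  # the runtime resolves this to :latest implicitly
    tag = last.split(":", 1)[1]
    return "latest" if tag == "latest" else "pinned"

def find_unpinned(manifest_text):
    """List (line_number, image_ref, status) for every image that violates the policy."""
    findings = []
    for m in IMAGE_LINE.finditer(manifest_text):
        ref = m.group(1)
        status = classify(ref)
        if status in ("latest", "untagged"):
            line_no = manifest_text.count("\n", 0, m.start(1)) + 1
            findings.append((line_no, ref, status))
    return findings

# Constructed sample manifest (not taken from the repository).
SAMPLE = """\
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      initContainers:
        - name: init-config
          image: busybox
      containers:
        - name: openclaw
          image: ghcr.io/openclaw/openclaw:2026.4.15
        - name: sidecar
          image: "registry.example.internal:5000/tools/proxy:latest"
        - name: mirror
          image: registry.example.internal:5000/tools/cache
"""

if __name__ == "__main__":
    for line_no, ref, status in find_unpinned(SAMPLE):
        print(f"line {line_no}: {ref} ({status})")
```

A version tag can still be re-pushed by whoever controls the registry; the check reports digest references (@sha256:...) separately because only those are immutable.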

Testing

pip install -r requirements-test.txt   # hypothesis, pytest, cfn-lint
pytest tests/ -v

34/35 tests pass (the 1 expected failure comes from a cfn-lint limitation on dynamic Fn::Sub condition keys in tenant-stack.yaml).

License

MIT
