-
Notifications
You must be signed in to change notification settings - Fork 0
Getting Started
KPH edited this page Jun 24, 2026
·
1 revision
Get a budgeted Claude running on AWS in five commands. Assumes AWS SSO is already set up; see the Operator Guide for full prerequisites.
# Install
go install github.com/whereiskurt/klanker-maker/cmd/km@latest
# 1. One-time platform configuration (domain, account IDs, region)
km configure
# 2. One-time bootstrap: SCP + KMS + artifacts bucket (in management account)
km bootstrap --dry-run=false
# 3. One-time per region: build Lambdas/sidecars, provision shared VPC
km init --region us-east-1
# 4. Health check (20+ checks across all accounts)
km doctor
# 5. Ship a Claude
km create profiles/goose.yaml --alias dev1
km agent run dev1 --prompt "summarize CHANGELOG.md" --wait
km destroy dev1 --yesNeed to manage many at once? km list shows the fleet, km at schedules deferred work, and the Slack #sb-{id} channels give every sandbox a thread you can talk to.
# Spin up 5 worker sandboxes from one profile
for i in 1 2 3 4 5; do km create profiles/goose.yaml --alias worker-$i & done; wait
# Schedule nightly destroys
km at 'every weekday at 11pm' kill worker-1
km at 'every weekday at 11pm' kill worker-2
# Send all of them a prompt at 6am
km at '6am tomorrow' agent run worker-1 --prompt "pull main, run tests, post results" --auto-start| Profile | TTL | Network | Budget | Use Case |
|---|---|---|---|---|
hardened |
4h | eBPF+proxy (both), AWS services only | None | Production-adjacent testing |
sealed |
1h | Proxy, .anthropic.com + .npmjs.org only | $5 / $10 | Minimal egress, short-lived |
goose |
4h | eBPF+proxy (both), Anthropic + GitHub + npm + PyPI + OpenAI | $0.50 / $1 | Goose agent (Block) with Bedrock + MCP |
codex |
4h | Proxy, OpenAI + GitHub | $2 / $5 | OpenAI Codex agent |
ao |
8h | eBPF+proxy (both), Anthropic + GitHub + npm + OpenAI | $4 / $10 | Multi-agent orchestration (Claude + Codex + AO) |
learn |
2h | eBPF+proxy (both), wide-open TLD suffixes | $2 / $0 | Traffic observation for profile generation |
| Substrate | How It Works | Cost |
|---|---|---|
| EC2 Spot (default) | Shared regional VPC, per-sandbox SG, spot instance, SSM access, sidecar systemd services | ~$0.01/hr for t3.medium |
| EC2 On-Demand | Same as above, guaranteed capacity (required for hibernation) | ~$0.04/hr for t3.medium |
| ECS Fargate Spot | Fargate task with sidecar containers, service discovery | ~$0.01/hr for 1 vCPU / 2GB |
| ECS Fargate | Same as above, guaranteed capacity | ~$0.04/hr for 1 vCPU / 2GB |
| Docker (local) | Docker Compose on local machine, sidecar containers, IAM roles via STS | Free (local compute) |
Spot interruption handlers automatically upload artifacts to S3 before instances are reclaimed. EKS substrate is on the roadmap.