Created
February 28, 2026 11:41
-
-
Save tpschmidt/e200ac80ebf5ab945cfba90fe0cf02ab to your computer and use it in GitHub Desktop.
Bootstrap script for OpenClaw on AWS Lightsail with SSM Session Manager, Node.js, AWS CLI, Go, and gogcli
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -eu | |
| # ── SSM agent ──────────────────────────────────────────────────────────────── | |
| # We need the SSM agent for accessing Lightsail instances | |
| if ! snap services amazon-ssm-agent | grep -q 'active'; then | |
| snap stop amazon-ssm-agent || true | |
| fi | |
| /snap/amazon-ssm-agent/current/amazon-ssm-agent -register -y \ | |
| -id "${ssm_activation_id}" \ | |
| -code "${ssm_activation_code}" \ | |
| -region "${region}" | |
| snap start amazon-ssm-agent | |
| # ── Node.js & zsh ──────────────────────────────────────────────────────────── | |
| # We need Node.js for the OpenClaw CLI | |
| if ! command -v node >/dev/null 2>&1; then | |
| curl -fsSL https://deb.nodesource.com/setup_${nodejs_version}.x | bash - | |
| apt-get install -y nodejs | |
| fi | |
| apt-get install -y zsh unzip make git | |
| chsh -s /usr/bin/zsh ubuntu | |
| # ── AWS CLI v2 ─────────────────────────────────────────────────────────────── | |
| # We need AWS CLI for accessing AWS | |
| if ! command -v aws >/dev/null 2>&1; then | |
| curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o /tmp/awscliv2.zip | |
| unzip -q /tmp/awscliv2.zip -d /tmp | |
| /tmp/aws/install | |
| rm -rf /tmp/awscliv2.zip /tmp/aws | |
| fi | |
| # ── Go ─────────────────────────────────────────────────────────────────────── | |
| # We need Go for the gogcli tool | |
| if [ ! -f /usr/local/go/bin/go ]; then | |
| wget -P /tmp "https://go.dev/dl/go${go_version}.linux-amd64.tar.gz" | |
| rm -rf /usr/local/go | |
| tar -C /usr/local -xzf "/tmp/go${go_version}.linux-amd64.tar.gz" | |
| rm "/tmp/go${go_version}.linux-amd64.tar.gz" | |
| echo 'export PATH=$PATH:/usr/local/go/bin' > /etc/profile.d/go.sh | |
| echo 'export PATH=$PATH:$(/usr/local/go/bin/go env GOPATH)/bin' >> /etc/profile.d/go.sh | |
| fi | |
| # ── Wait for ssm-user ──────────────────────────────────────────────────────── | |
| # For accessing lightsail without the need for open SSH ports | |
| for i in $(seq 1 60); do | |
| id ssm-user >/dev/null 2>&1 && break | |
| sleep 10 | |
| done | |
| if id ssm-user >/dev/null 2>&1; then | |
| mkdir -p /home/ssm-user && chown ssm-user:ssm-user /home/ssm-user | |
| fi | |
| # ── AWS credentials ────────────────────────────────────────────────────────── | |
| # For Accessing AWS | |
| for dir in /home/ssm-user /home/ubuntu; do | |
| if [ -d "$dir" ]; then | |
| mkdir -p "$dir/.aws" | |
| echo "${creds_b64}" | base64 -d > "$dir/.aws/credentials" | |
| chown -R "$(stat -c '%U:%G' "$dir")" "$dir/.aws" | |
| chmod 700 "$dir/.aws" | |
| chmod 600 "$dir/.aws/credentials" | |
| fi | |
| done | |
| # ── OpenClaw ───────────────────────────────────────────────────────────────── | |
| if ! su - ssm-user -c 'command -v openclaw >/dev/null 2>&1'; then | |
| su - ssm-user -c 'curl -fsSL https://openclaw.ai/install.sh | bash' < /dev/null || true | |
| fi | |
| grep -qxF 'export PATH=$PATH:/home/ssm-user/.npm-global/bin' /home/ssm-user/.bashrc || \ | |
| echo 'export PATH=$PATH:/home/ssm-user/.npm-global/bin' >> /home/ssm-user/.bashrc | |
| # ── gog ────────────────────────────────────────────────────────────────────── | |
| # For Accessing Gmail | |
| if [ ! -f /home/ssm-user/gogcli/bin/gog ]; then | |
| [ -d /home/ssm-user/gogcli ] || su - ssm-user -c \ | |
| 'git clone https://github.com/steipete/gogcli.git /home/ssm-user/gogcli' | |
| su - ssm-user -c ' | |
| export PATH=$PATH:/usr/local/go/bin | |
| export GOPATH=/home/ssm-user/go | |
| cd /home/ssm-user/gogcli && make | |
| ' || true | |
| fi | |
| grep -qxF 'export PATH=$PATH:/home/ssm-user/gogcli/bin' /home/ssm-user/.bashrc || \ | |
| echo 'export PATH=$PATH:/home/ssm-user/gogcli/bin' >> /home/ssm-user/.bashrc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey Tobias, there's a bug in the SSM section. Look at lines 6-8:
if ! snap services amazon-ssm-agent | grep -q 'active'; then
snap stop amazon-ssm-agent || true
fi
This says: "stop the agent only if it's NOT active" — which is backwards and pointless. It should stop the agent if it IS active (before
re-registering).
Also it's missing a step to clear the existing EC2 registration file before re-registering.
The correct logic should be:
snap stop amazon-ssm-agent || true
rm -f /var/snap/amazon-ssm-agent/current/registration
/snap/amazon-ssm-agent/current/amazon-ssm-agent -register -y
-id "${ssm_activation_id}"
-code "${ssm_activation_code}"
-region "${region}"
snap start amazon-ssm-agent