DEV Community: C.K.Sun The latest articles on DEV Community by C.K.Sun (@chenkuansun). https://dev.to/chenkuansun https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F181032%2F750ecdca-a3f8-40c7-b5dd-fd4fa3822077.jpeg DEV Community: C.K.Sun https://dev.to/chenkuansun en How We Use AWS CDK to Deploy OpenClaw for Enterprise Teams — API Key Management Without the Chaos C.K.Sun Sun, 22 Mar 2026 22:31:46 +0000 https://dev.to/chenkuansun/how-we-use-aws-cdk-to-deploy-openclaw-for-enterprise-teams-api-key-management-without-the-chaos-2p1b https://dev.to/chenkuansun/how-we-use-aws-cdk-to-deploy-openclaw-for-enterprise-teams-api-key-management-without-the-chaos-2p1b <p>We wanted every employee in the company to use OpenClaw — not just engineers. Product managers writing specs, designers prototyping, ops teams automating workflows. The problem wasn't adoption — it was operations.</p> <p>Hundreds of employees, each needing their own API key in a local config file. Within a week, keys were committed to git. Within a month, finance couldn't figure out who was spending what. When Anthropic rotated a key, we had to notify everyone individually. We needed infrastructure, not process.</p> <p>We solved it with four AWS CDK stacks and a 100-line sidecar proxy. Here's how.</p> <h2> The Architecture: Four CDK Stacks </h2> <p>Everything deploys in order with <code>nx deploy</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">DEPLOY_ENV</span><span class="o">=</span>prod nx deploy teamclaw-foundation-infra <span class="c"># VPC, EFS, ECR, Secrets Manager</span> <span class="nv">DEPLOY_ENV</span><span class="o">=</span>prod nx deploy teamclaw-cluster-infra <span class="c"># ECS Fargate, ALB, CloudFront</span> <span class="nv">DEPLOY_ENV</span><span class="o">=</span>prod nx deploy teamclaw-control-plane-infra <span class="c"># Cognito, DynamoDB, Lifecycle Lambda</span> <span class="nv">DEPLOY_ENV</span><span class="o">=</span>prod nx deploy teamclaw-admin-infra <span class="c"># API Gateway, 44 Lambda handlers</span> </code></pre> </div> <p>After deployment, IT configures API keys in the admin panel. Employees sign up with their company email. That's it — no per-user key setup.</p> <h2> Stack 1: Foundation </h2> <p>VPC with public/private subnets, EFS for per-user data persistence, ECR for container images, and Secrets Manager for the API key pool.</p> <p>The key design decision: <strong>one Secrets Manager secret holds all provider keys</strong> as a JSON pool.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// foundation.stack.ts</span> <span class="kd">const</span> <span class="nx">apiKeysSecret</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws_secretsmanager</span><span class="p">.</span><span class="nc">Secret</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ApiKeysSecret</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">secretName</span><span class="p">:</span> <span class="s2">`</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">/teamclaw/api-keys`</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Shared API key pool for TeamClaw</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> </code></pre> </div> <p>The secret format:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"providers"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"anthropic"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"authType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"apiKey"</span><span class="p">,</span><span class="w"> </span><span class="nl">"keys"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"sk-ant-key1..."</span><span class="p">,</span><span class="w"> </span><span class="s2">"sk-ant-key2..."</span><span class="p">,</span><span class="w"> </span><span class="s2">"sk-ant-key3..."</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"openai"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"authType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"apiKey"</span><span class="p">,</span><span class="w"> </span><span class="nl">"keys"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"sk-proj-key1..."</span><span class="p">,</span><span class="w"> </span><span class="s2">"sk-proj-key2..."</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Adding a key is one CLI call. No container restart — the sidecar's 60-second cache handles it.</p> <h2> Stack 2: Cluster </h2> <p>ECS Fargate cluster, ALB with per-user path-based routing, CloudFront for WSS termination, and the <strong>ECS Task Definition with two containers</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// cluster.stack.ts</span> <span class="kd">const</span> <span class="nx">taskDefinition</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws_ecs</span><span class="p">.</span><span class="nc">FargateTaskDefinition</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">UserTaskDef</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">family</span><span class="p">:</span> <span class="s2">`teamclaw-user-</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">memoryLimitMiB</span><span class="p">:</span> <span class="mi">2048</span><span class="p">,</span> <span class="nx">taskRole</span><span class="p">,</span> <span class="nx">executionRole</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Container 1: Unmodified OpenClaw</span> <span class="nx">taskDefinition</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="dl">'</span><span class="s1">teamclaw</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">image</span><span class="p">:</span> <span class="nx">aws_ecs</span><span class="p">.</span><span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">ecrUri</span><span class="p">}</span><span class="s2">:latest`</span><span class="p">),</span> <span class="na">portMappings</span><span class="p">:</span> <span class="p">[{</span> <span class="na">containerPort</span><span class="p">:</span> <span class="mi">18789</span> <span class="p">}],</span> <span class="p">});</span> <span class="c1">// Container 2: Sidecar proxy for credential injection</span> <span class="nx">taskDefinition</span><span class="p">.</span><span class="nf">addContainer</span><span class="p">(</span><span class="dl">'</span><span class="s1">proxy-sidecar</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">image</span><span class="p">:</span> <span class="nx">aws_ecs</span><span class="p">.</span><span class="nx">ContainerImage</span><span class="p">.</span><span class="nf">fromRegistry</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">sidecarUri</span><span class="p">}</span><span class="s2">:latest`</span><span class="p">),</span> <span class="na">portMappings</span><span class="p">:</span> <span class="p">[{</span> <span class="na">containerPort</span><span class="p">:</span> <span class="mi">3000</span> <span class="p">}],</span> <span class="p">});</span> </code></pre> </div> <p>The sidecar is the key piece. OpenClaw's config points all providers to <code>http://localhost:3000/anthropic</code>, <code>http://localhost:3000/openai</code>, etc. The sidecar intercepts every API call, strips the dummy auth header, injects the real key from Secrets Manager, and forwards upstream. <strong>The real API key never touches the OpenClaw process.</strong></p> <p>The task role is scoped tight — least privilege:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Secrets Manager: read-only on the key pool</span> <span class="nx">taskRole</span><span class="p">.</span><span class="nf">addToPolicy</span><span class="p">(</span><span class="k">new</span> <span class="nx">aws_iam</span><span class="p">.</span><span class="nc">PolicyStatement</span><span class="p">({</span> <span class="na">actions</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">secretsmanager:GetSecretValue</span><span class="dl">'</span><span class="p">],</span> <span class="na">resources</span><span class="p">:</span> <span class="p">[</span><span class="s2">`arn:aws:secretsmanager:</span><span class="p">${</span><span class="nx">region</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">account</span><span class="p">}</span><span class="s2">:secret:</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">/teamclaw/*`</span><span class="p">],</span> <span class="p">}));</span> <span class="c1">// EFS: mount user data</span> <span class="nx">taskRole</span><span class="p">.</span><span class="nf">addToPolicy</span><span class="p">(</span><span class="k">new</span> <span class="nx">aws_iam</span><span class="p">.</span><span class="nc">PolicyStatement</span><span class="p">({</span> <span class="na">actions</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">elasticfilesystem:ClientMount</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">elasticfilesystem:ClientWrite</span><span class="dl">'</span><span class="p">],</span> <span class="na">resources</span><span class="p">:</span> <span class="p">[</span><span class="s2">`arn:aws:elasticfilesystem:</span><span class="p">${</span><span class="nx">region</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">account</span><span class="p">}</span><span class="s2">:file-system/*`</span><span class="p">],</span> <span class="p">}));</span> <span class="c1">// DynamoDB: sidecar logs usage per request</span> <span class="nx">taskRole</span><span class="p">.</span><span class="nf">addToPolicy</span><span class="p">(</span><span class="k">new</span> <span class="nx">aws_iam</span><span class="p">.</span><span class="nc">PolicyStatement</span><span class="p">({</span> <span class="na">actions</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">dynamodb:PutItem</span><span class="dl">'</span><span class="p">],</span> <span class="na">resources</span><span class="p">:</span> <span class="p">[</span><span class="s2">`arn:aws:dynamodb:</span><span class="p">${</span><span class="nx">region</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">account</span><span class="p">}</span><span class="s2">:table/teamclaw-usage-</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">`</span><span class="p">],</span> <span class="p">}));</span> </code></pre> </div> <h2> Stack 3: Control Plane </h2> <p>Cognito for employee auth, DynamoDB for state, and the <strong>Lifecycle Lambda</strong> that orchestrates container lifecycle.</p> <p>When an employee logs in, the user-session Lambda checks DynamoDB. If no container exists, it invokes the Lifecycle Lambda which:</p> <ol> <li>Creates an EFS access point at <code>/users/{userId}</code> </li> <li>Calls <code>ecs:RunTask</code> to start a Fargate task</li> <li>Polls <code>DescribeTasks</code> until the container gets a private IP</li> <li>Creates a per-user ALB target group and listener rule</li> <li>Records the task ARN and IP in DynamoDB </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Lifecycle Lambda — least privilege for ECS orchestration</span> <span class="nx">lifecycleLambda</span><span class="p">.</span><span class="nf">addToRolePolicy</span><span class="p">(</span><span class="k">new</span> <span class="nx">aws_iam</span><span class="p">.</span><span class="nc">PolicyStatement</span><span class="p">({</span> <span class="na">actions</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">ecs:RunTask</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ecs:StopTask</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ecs:DescribeTasks</span><span class="dl">'</span><span class="p">],</span> <span class="na">resources</span><span class="p">:</span> <span class="p">[</span> <span class="s2">`arn:aws:ecs:</span><span class="p">${</span><span class="nx">region</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">account</span><span class="p">}</span><span class="s2">:cluster/teamclaw-</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="s2">`arn:aws:ecs:</span><span class="p">${</span><span class="nx">region</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">account</span><span class="p">}</span><span class="s2">:task/teamclaw-</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">/*`</span><span class="p">,</span> <span class="s2">`arn:aws:ecs:</span><span class="p">${</span><span class="nx">region</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">account</span><span class="p">}</span><span class="s2">:task-definition/teamclaw-*-</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">:*`</span><span class="p">,</span> <span class="p">],</span> <span class="p">}));</span> </code></pre> </div> <p>An EventBridge rule triggers idle checking every 15 minutes. Containers idle for 30+ minutes get stopped — real cost savings when Fargate bills per-second.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">new</span> <span class="nx">aws_events</span><span class="p">.</span><span class="nc">Rule</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">IdleCheckRule</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">schedule</span><span class="p">:</span> <span class="nx">aws_events</span><span class="p">.</span><span class="nx">Schedule</span><span class="p">.</span><span class="nf">rate</span><span class="p">(</span><span class="nx">Duration</span><span class="p">.</span><span class="nf">minutes</span><span class="p">(</span><span class="mi">15</span><span class="p">)),</span> <span class="p">}).</span><span class="nf">addTarget</span><span class="p">(</span><span class="k">new</span> <span class="nx">aws_events_targets</span><span class="p">.</span><span class="nc">LambdaFunction</span><span class="p">(</span><span class="nx">lifecycleLambda</span><span class="p">,</span> <span class="p">{</span> <span class="na">event</span><span class="p">:</span> <span class="nx">aws_events</span><span class="p">.</span><span class="nx">RuleTargetInput</span><span class="p">.</span><span class="nf">fromObject</span><span class="p">({</span> <span class="na">action</span><span class="p">:</span> <span class="dl">'</span><span class="s1">check-idle</span><span class="dl">'</span><span class="p">,</span> <span class="na">userId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">system</span><span class="dl">'</span> <span class="p">}),</span> <span class="p">}));</span> </code></pre> </div> <h2> Stack 4: Admin API </h2> <p>API Gateway HTTP API with Cognito JWT authorizer, 44 Lambda handlers. Users, teams, containers, API keys, integrations, analytics — all managed through the admin panel.</p> <p>Cross-stack communication uses SSM parameters exclusively — no CDK exports:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Stack 2 writes:</span> <span class="k">new</span> <span class="nx">aws_ssm</span><span class="p">.</span><span class="nc">StringParameter</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ClusterNameParam</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">parameterName</span><span class="p">:</span> <span class="s2">`/tc/</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">/ecs/clusterName`</span><span class="p">,</span> <span class="na">stringValue</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">clusterName</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Stack 3 reads:</span> <span class="kd">const</span> <span class="nx">clusterName</span> <span class="o">=</span> <span class="nx">aws_ssm</span><span class="p">.</span><span class="nx">StringParameter</span><span class="p">.</span><span class="nf">valueForStringParameter</span><span class="p">(</span> <span class="k">this</span><span class="p">,</span> <span class="s2">`/tc/</span><span class="p">${</span><span class="nx">deployEnv</span><span class="p">}</span><span class="s2">/ecs/clusterName`</span> <span class="p">);</span> </code></pre> </div> <p>This pattern means stacks are fully independent. No deployment ordering issues, no "stack is in a failed state" nightmares.</p> <h2> The Sidecar: How API Key Isolation Works </h2> <p>The sidecar proxy runs on <code>localhost:3000</code> inside each container. OpenClaw thinks it's talking to the AI provider. Its config has:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">providers</span><span class="p">:</span> <span class="p">{</span> <span class="nl">anthropic</span><span class="p">:</span> <span class="p">{</span> <span class="na">baseUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:3000/anthropic</span><span class="dl">'</span><span class="p">,</span> <span class="na">apiKey</span><span class="p">:</span> <span class="dl">'</span><span class="s1">proxy-managed</span><span class="dl">'</span> <span class="p">},</span> <span class="nx">openai</span><span class="p">:</span> <span class="p">{</span> <span class="nl">baseUrl</span><span class="p">:</span> <span class="dl">'</span><span class="s1">http://localhost:3000/openai</span><span class="dl">'</span><span class="p">,</span> <span class="nx">apiKey</span><span class="p">:</span> <span class="dl">'</span><span class="s1">proxy-managed</span><span class="dl">'</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p>The sidecar parses the provider from the URL, reads the key pool from Secrets Manager (cached 60s), <strong>round-robins</strong> across keys, strips the dummy auth, injects the real key, and forwards upstream. Usage gets logged to DynamoDB per request.</p> <p>The container entrypoint explicitly unsets all provider env vars as its first action:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh</span> <span class="nb">unset </span>ANTHROPIC_API_KEY OPENAI_API_KEY GOOGLE_API_KEY node /scripts/generate-config.js <span class="nb">exec </span>openclaw gateway run <span class="nt">--port</span> 18789 <span class="nt">--auth</span> trusted-proxy </code></pre> </div> <p>If a skill or MCP tool reads <code>process.env</code>, it finds nothing. The real key only exists in the sidecar's memory, fetched at runtime from Secrets Manager.</p> <h2> Config Hierarchy: Global → Team → User </h2> <p>OpenClaw reads a single <code>openclaw.json</code>. We generate it at startup by merging three tiers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">globalConfig</span> <span class="o">=</span> <span class="nf">loadJson</span><span class="p">(</span><span class="dl">'</span><span class="s1">/efs/system/global-config.json</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Admin guardrails</span> <span class="kd">const</span> <span class="nx">teamConfig</span> <span class="o">=</span> <span class="nf">loadJson</span><span class="p">(</span><span class="s2">`/efs/teams/</span><span class="p">${</span><span class="nx">teamId</span><span class="p">}</span><span class="s2">/team-config.json`</span><span class="p">);</span> <span class="c1">// Team standards</span> <span class="kd">const</span> <span class="nx">userConfig</span> <span class="o">=</span> <span class="nf">loadJson</span><span class="p">(</span><span class="s2">`/efs/users/</span><span class="p">${</span><span class="nx">userId</span><span class="p">}</span><span class="s2">/user-config.json`</span><span class="p">);</span> <span class="c1">// Personal prefs</span> <span class="kd">const</span> <span class="nx">merged</span> <span class="o">=</span> <span class="nf">deepMerge</span><span class="p">(</span><span class="nf">deepMerge</span><span class="p">(</span><span class="nf">deepMerge</span><span class="p">(</span><span class="nx">baseConfig</span><span class="p">,</span> <span class="nx">globalConfig</span><span class="p">),</span> <span class="nx">teamConfig</span><span class="p">),</span> <span class="nx">userConfig</span><span class="p">);</span> </code></pre> </div> <p>Same for <code>SOUL.md</code> — OpenClaw's system prompt. Admin sets guardrails, team sets coding standards, user sets preferences. All layered, zero conflicts.</p> <h2> What We Learned </h2> <p><strong>ALB listener rules cap at 100 per listener.</strong> Each user gets a routing rule. At 100 concurrent users, you need to request a limit increase or rearchitect.</p> <p><strong>Per-user Fargate costs ~$12/user/month</strong> running 24/7. With 30-minute idle stop, real-world cost is ~$3-4/user/month.</p> <p><strong>SSM parameter pattern for cross-stack refs is worth it.</strong> More verbose than CDK exports, but zero coupling between stacks.</p> <p><strong>The sidecar pattern works for any container-based AI tool</strong>, not just OpenClaw. If you're running any AI agent that needs API keys, a localhost proxy that injects credentials from Secrets Manager is a clean, provider-agnostic solution.</p> <h2> Source </h2> <p>Apache 2.0: <a href="https://github.com/ChenKuanSun/teamclaw" rel="noopener noreferrer">github.com/ChenKuanSun/teamclaw</a> — Nx monorepo, 4 CDK stacks, 992 tests.</p> opensource openclaw aws cdk