DevOps
Deploy OpenClaw AI on AWS EC2 with Terraform and EBS Storage
Deploy OpenClaw AI on AWS EC2 with Terraform: Ubuntu 24.04, gp3 EBS for persistent agent data, SSH key pair, security group, and user-data bootstrap.
3 min read
DevOps
Terraform for VxWorks Aerospace and Defense Backends
Provision VxWorks cloud backends with Terraform: AWS GovCloud telemetry, secure firmware delivery, FedRAMP boundaries, and Wind River Studio integration.
LLuca Berton1 min read
VxWorks runs critical avionics, defense, and industrial controllers — it's behind every Mars rover and many satellites. The device firmware is built and certified offline; the cloud side (telemetry, fleet health, simulation runners, secure firmware staging) is what Terraform provisions, almost always inside AWS GovCloud or Azure Government.
GovCloud Telemetry Pattern
#provider "aws" {
region = "us-gov-west-1"
}
resource "aws_kinesis_stream" "vxworks" {
name = "vxworks-telemetry"
shard_count = 8
encryption_type = "KMS"
kms_key_id = aws_kms_key.gov.id
retention_period = 168 # 7 days
}
resource "aws_kms_key" "gov" {
description = "GovCloud telemetry"
enable_key_rotation = true
deletion_window_in_days = 30
}Firmware Staging Bucket
#resource "aws_s3_bucket" "fw" {
bucket = "vxworks-firmware-${var.env}"
}
resource "aws_s3_bucket_object_lock_configuration" "fw" {
bucket = aws_s3_bucket.fw.id
rule {
default_retention {
mode = "COMPLIANCE"
years = 7
}
}
}
resource "aws_s3_bucket_logging" "fw" {
bucket = aws_s3_bucket.fw.id
target_bucket = aws_s3_bucket.audit.id
target_prefix = "fw/"
}Wind River Studio CI Runner (FedRAMP Moderate)
#resource "aws_instance" "studio_runner" {
ami = data.aws_ami.al2023_gov.id
instance_type = "c7i.4xlarge"
subnet_id = var.private_gov_subnet_id
iam_instance_profile = aws_iam_instance_profile.runner.name
metadata_options {
http_tokens = "required"
}
tags = {
Name = "vxworks-studio-runner"
Compliance = "FedRAMP-Moderate"
}
}Best Practices
#- GovCloud or Azure Government — VxWorks programs almost always have ITAR/FedRAMP scope.
- Object Lock COMPLIANCE mode, multi-year retention on firmware.
- Air-gap signing: Terraform stages firmware artifacts; signing happens offline on an HSM.
- Tag with
Compliance=andProgram=for evidence collection.
Related
##Terraform#VxWorks#Wind River#Aerospace#GovCloud
Related articles
DevOps
Terraform for AIX on IBM Power Systems Virtual Server
Provision AIX on IBM Power Systems Virtual Server with Terraform: PowerVS instances, NIM-style image management, SAN volumes, and hybrid VPN.
1 min read
DevOps
Terraform for Android App Backends on Firebase and GCP
Provision Android app backends with Terraform: Firebase Auth, Firestore, FCM push, Cloud Run APIs, and Play Integrity API on Google Cloud.
1 min read
DevOps
Terraform for Android Automotive OS: Connected-Car Backends
Provision Android Automotive OS connected-car backends with Terraform: vehicle telemetry, OTA updates, maps APIs, and secure ingestion pipelines.
1 min read