[Bug]: `gateway install --force` breaks AWS credential discovery on EC2 instances with instance roles

[JiaDe-Wu]

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

gateway install --force regenerates the systemd service file and drops user-added Environment entries (e.g. AWS_PROFILE=default), breaking AWS SDK credential discovery on EC2 instances using IAM instance roles for Bedrock access.

Steps to reproduce

1. Deploy OpenClaw on EC2/ECS/Agent Core/Lambda with IAM instance/services role granting Bedrock access
2. Configure amazon-bedrock provider with "auth": "aws-sdk" in openclaw.json
3. Manually add Environment=AWS_PROFILE=default to the systemd service file to make credential chain work
4. Run openclaw gateway install --force (or upgrade triggers reinstall)
5. Gateway restarts via systemd
6. Main agent works, but pi-coding-agent subagent fails

Expected behavior

1. gateway install --force should preserve user-added Environment= entries in the systemd service file, or provide a documented override mechanism (e.g. systemd drop-in directory or config-level env block)
2. pi-coding-agent should inherit the parent gateway's amazon-bedrock provider config including "auth": "aws-sdk", not require a separate API key
3. AWS SDK credential chain (Instance Role → IMDS) should work out of the box in systemd environments on EC2

Actual behavior

1. gateway install --force regenerates the entire systemd service file, dropping any manually added Environment= entries (e.g. AWS_PROFILE=default)
2. pi-coding-agent fails with: No API key found for amazon-bedrock
3. Adding AWS_PROFILE=default to the service file fixes it, but gets overwritten on next gateway install --force
4. Error log:

⚠️ Agent failed before reply: No API key found for amazon-bedrock.
Use /login or set an API key environment variable.

OpenClaw version

2026.4.5 (3e72c03)

Operating system

Ubuntu 24.04 (arm64) on AWS EC2

Install method

npm global

Model

amazon-bedrock/global.anthropic.claude-opus-4-6-v1

Provider / routing chain

openclaw -> amazon-bedrock (Bedrock Converse Stream API)

Additional provider/model setup details

EC2 Instance Role with Bedrock access policy.
Provider config uses "auth": "aws-sdk" in openclaw.json.
No API keys — relies on IMDS credential chain.

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

Workaround

Add AWS_PROFILE=default to ~/.openclaw/.env:

AWS_PROFILE=default

This file is not overwritten by gateway install --force and is loaded by the gateway at startup.

Related Issues

• [Bug]: Stale OPENCLAW_GATEWAY_TOKEN in systemd service causes persistent device token mismatch after upgrade #17226 — Stale OPENCLAW_GATEWAY_TOKEN in systemd service after upgrade
• [Bug] --profile flag does not override inherited OPENCLAW_* environment variables during gateway install #28236 — --profile flag does not override inherited env vars during gateway install
• openclaw gateway status fails on EC2/headless servers due to missing user-level systemd #11805 — Gateway status fails on EC2/headless servers due to missing user-level systemd

[JiaDe-Wu]

For context — I maintain sample-OpenClaw-on-AWS-with-Bedrock (370+ stars, 100+ forks), which provides one-click CloudFormation deployment for OpenClaw on AWS using IAM instance roles + Amazon Bedrock. Every deployment uses EC2 instance roles for authentication — no API keys.

This regression in v2026.4.5 affects all users who upgrade via our template. I've already helped 10+ users resolve this exact issue. The ~/.openclaw/.env workaround is solid, but gateway install should natively handle IMDS credential discovery in systemd environments.

We also offer an enterprise version with additional AWS-native integrations (VPC endpoints, CloudTrail auditing, SSM-only access). If anyone from the OpenClaw team or community is interested in improving the AWS deployment experience, contributions are very welcome — especially around:

• Preserving user Environment entries during gateway install
• Auto-detecting EC2 IMDS credentials in systemd services
• Better "auth": "aws-sdk" support across all sub-agents

Happy to submit a PR if the team can point me to the relevant service-file generation code.

[sharkqwy]

I dug through current main and this looks reproducible by design in the install path.

What code is doing now:

• gateway install reads the currently loaded service env (service.readCommand(...).environment) and merges it into installEnv only for the install invocation context:
  https://github.com/openclaw/openclaw/blob/main/src/cli/daemon-cli/install.ts#L71-L76
• When generating the new unit env, it rebuilds from durable sources (~/.openclaw/.env + config env vars + auth-profile refs) plus computed service env, not arbitrary existing unit vars:
  https://github.com/openclaw/openclaw/blob/main/src/commands/daemon-install-helpers.ts#L71-L90
  https://github.com/openclaw/openclaw/blob/main/src/commands/daemon-install-helpers.ts#L135-L149
• buildServiceEnvironment then emits a curated set (HOME, proxy vars, PATH, OPENCLAW_*, etc), which does not include generic manual additions like AWS_PROFILE:
  https://github.com/openclaw/openclaw/blob/main/src/daemon/service-env.ts#L252-L282
  https://github.com/openclaw/openclaw/blob/main/src/daemon/service-env.ts#L314-L330
• Durable persistence path for custom env is explicitly state-dir .env / config env vars:
  https://github.com/openclaw/openclaw/blob/main/src/config/state-dir-dotenv.ts#L18-L27
  https://github.com/openclaw/openclaw/blob/main/src/config/state-dir-dotenv.ts#L53-L68

Concrete next action I suggest (I can open a PR if maintainers agree):

1. Add an install-time preserve step for user-managed env keys from existing service units (systemd/launchd), defaulting to safe filtering (skip OPENCLAW_*, dangerous host override vars).
2. Gate with an explicit flag/config, e.g. gateway.install.preserveExistingServiceEnv (default false for backward compatibility).
3. Add regression tests for gateway install --force on systemd ensuring a manually added safe key (e.g. AWS_PROFILE) survives rewrite when preserve mode is enabled.

That would keep current secure defaults but provide a first-class, non-fragile path for IAM/Bedrock deployments that rely on service-level env.

[wirjo]

This directly affects our deployment pattern too. We run OpenClaw on EC2 with IAM instance roles + Bedrock ("auth": "aws-sdk") and hit the exact same thing — gateway install --force nuking custom Environment= entries.

The ~/.openclaw/.env workaround is solid and what we use currently, but it's fragile and undiscoverable. @sharkqwy's analysis is spot-on — the install path deliberately rebuilds from durable sources and doesn't consider existing unit entries.

+1 on the proposed approach (preserve step with safe filtering). A few thoughts:

1. systemd drop-in directory (/etc/systemd/system/openclaw.service.d/) would be the most idiomatic Linux solution — survives any service file rewrite without needing custom logic in gateway install
2. Config-level env block (e.g. gateway.service.environment in openclaw.json) would be cross-platform and explicit
3. The buildServiceEnvironment allowlist approach means any new integration requiring env vars (not just AWS) hits this same wall

For AWS specifically: IMDS credential discovery should work without any env vars if the SDK is configured correctly. The issue is that pi-coding-agent doesn't inherit the parent's provider config — that feels like the deeper bug here. Sub-agents should inherit provider auth settings from the gateway config rather than requiring separate credential plumbing.

[sharkqwy]

Fresh follow-up after reading current main: there is a narrow place to make this safer without changing default env persistence behavior.

Code path today:

• runDaemonInstall reads current service env and only merges it into invocation env (installEnv) before rebuilding the plan (src/cli/daemon-cli/install.ts#L70-L76).
• The final persisted service env is rebuilt from durable sources + generated service env (buildGatewayInstallEnvironment), not from arbitrary existing service keys (src/commands/daemon-install-helpers.ts#L71-L90, #L143-L149).
• Durable sources are explicit (~/.openclaw/.env + config env refs), so manual service-only keys are outside the persistence set (src/config/state-dir-dotenv.ts#L18-L27, #L53-L68).
• Generated service env is intentionally curated (buildServiceEnvironment), so unrelated keys like AWS_PROFILE are excluded by design (src/daemon/service-env.ts#L252-L282, #L314-L330).

Concrete next action:

• Add a pre-install diff warning in runDaemonInstall (force path) that compares existingServiceEnv vs planned environment, and prints the exact keys that will be dropped unless moved to durable sources (~/.openclaw/.env / config env). This gives maintainers/users immediate visibility and prevents silent breakage while preserving current security/persistence model.

[sharkqwy]

Additional maintainer follow-up with exact patch shape (current main):

Evidence from runtime path:

• Existing service env is only read opportunistically when loaded and merged into invocation env (installEnv) before reinstall, not persisted as authoritative service env (src/cli/daemon-cli/install.ts:70-76).
• Persisted env is rebuilt from durable sources + generated service env (src/commands/daemon-install-helpers.ts:71-90, :135-149).
• Durable source is explicitly ~/.openclaw/.env + config env vars (src/config/state-dir-dotenv.ts:18-27, :61-68).
• Generated service env is intentionally curated (HOME/TMPDIR/proxy/PATH/OPENCLAW_*) and does not include arbitrary prior keys like AWS_PROFILE (src/daemon/service-env.ts:315-331, :273-283).

Proposed patch shape:

1. In gateway install --force, compute a pre-write diff of existingServiceEnv vs planned environment and collect dropped keys excluding expected managed keys (OPENCLAW_*, HOME, TMPDIR, proxy, PATH, etc).
2. Emit a warning listing dropped keys and remediation (move to ~/.openclaw/.env or config env.vars) before writing service metadata.
3. Add a regression test: if prior service env has AWS_PROFILE=foo and durable sources do not, force reinstall warns that AWS_PROFILE will be dropped.

Concrete maintainer next action: implement (1) as a small warning-only PR first (no behavior change), then decide separately whether to add an opt-in preserve mode.

[gabrieldenny-del]

Confirming this also affects Amazon Lightsail OpenClaw instances (not just EC2), with an additional wrinkle.

Environment: OpenClaw on Lightsail blueprint, openclaw-gateway managed by systemd, Bedrock provider with auth: aws-sdk.

What happened: After updating OpenClaw, the gateway failed all Bedrock calls with AccessDeniedException — the caller identity was AmazonLightsailInstance (the default Lightsail service role) instead of the customer IAM role with Bedrock permissions.

Root cause chain on Lightsail:

1. The Lightsail setup script (setup-lightsail-openclaw-bedrock-role.sh) creates the IAM role and trust policy, but does not create a corresponding AWS CLI profile in ~/.aws/config.
2. openclaw.env ships with AWS_PROFILE=assumed, but no profile named assumed exists — so the SDK silently falls back to instance metadata (the unprivileged AmazonLightsailInstance role).
3. Even after fixing openclaw.env to point to a valid profile, openclaw-gateway did not reliably inherit the AWS_PROFILE env var through systemd's EnvironmentFile directive.

Workaround that worked: Rather than relying on AWS_PROFILE being set, configure the [default] profile in ~/.aws/config to assume the Lightsail IAM role:

[default]
role_arn = arn:aws:iam::<account_id>:role/LightsailRoleFor-<instance_id>
credential_source = Ec2InstanceMetadata

This sidesteps the env var issue entirely since the AWS SDK uses the default profile when no AWS_PROFILE is set. Restart the gateway with sudo systemctl restart openclaw-gateway after making the change.

Additional note: The ~/.openclaw/.env workaround mentioned by @JiaDe-Wu may also work on Lightsail, but I haven't tested it.

+1 on the fix in #62673. For Lightsail specifically, the Lightsail setup script should also be updated to create the ~/.aws/config default profile, not just the IAM role.

[steipete]

Closing this as implemented after Codex review.

Current main already addresses the reported regression: forced gateway reinstall now preserves safe custom service env vars instead of dropping them, and Bedrock auth: "aws-sdk" now supports AWS SDK default-chain/IMDS auth without requiring a static API key marker for Pi/subagent flows.

What I checked:

• Forced reinstall now preserves safe custom service env vars: runDaemonInstall reads the loaded service environment, merges safe existing vars into the install invocation env, and passes existingEnvironment into the install-plan builder. The plan builder preserves non-managed safe vars, merges prior PATH segments behind the managed PATH, and tracks managed keys so removed managed vars do not linger as custom carryover. (src/cli/daemon-cli/install.ts:102, 8b76392e3e79)
• Preservation logic is implemented in the gateway install plan: collectPreservedExistingServiceEnvVars keeps prior safe custom env entries, buildGatewayInstallEnvironment layers them under durable/config-managed env, and OPENCLAW_SERVICE_MANAGED_ENV_KEYS prevents previously managed keys from being misclassified as user custom vars on later reinstalls. (src/commands/daemon-install-helpers.ts:178, 8b76392e3e79)
• Regression tests cover the old failure mode: Tests now assert that an existing service env preserves safe custom vars like GOBIN/BLOGWATCHER_HOME, merges PATH safely, blocks dangerous vars, and drops keys previously tracked as managed service env. (src/commands/daemon-install-helpers.test.ts:381, 8b76392e3e79)
• Bedrock aws-sdk auth now supports IMDS/default-chain without a fake API-key requirement: resolveAwsSdkAuthInfo() falls back to aws-sdk default chain when no AWS env marker is present, and Pi embedded auth explicitly allows aws-sdk mode without a static API key by preparing runtime auth or using a sentinel instead of throwing No API key errors. (src/agents/model-auth.ts:357, 8b76392e3e79)
• Docs and changelog show this shipped behavior: The Bedrock docs now state that AWS_PROFILE=default is only needed as an env marker and that IMDS instance-role auth works without env markers. The changelog also records the shipped fixes: Bedrock aws-sdk default-chain handling in 2026.4.5 and gateway install preservation of safe custom service env vars in 2026.4.10. (CHANGELOG.md:964, 8b76392e3e79)

So I’m closing this as already implemented rather than keeping a duplicate issue open.

Review notes: reviewed against 8b76392e3e79; fix evidence: release v2026.4.10.