ClawRun would deploy the agent on a sandbox. Think of it as a super lightweight environment running your workload. EC2 gives you a full VM which means slow boots, manual cleanup, big blast radius if your agent breaks out. You manage everything, AMIs, security groups, teardown.

ClawRun manages that entire lifecycle for you including the snapshotting, firewall configuration, etc.