For now I won't go into too much detail. Basically, what you need is a medium, laptop-grade EC2 machine that runs a Linux distribution and has enough storage space to handle a good amount of data. I personally use the following, with about 30 GB of AES:

As for security, to be able to communicate with the broker endpoints, make sure that your device can send and receive traffic through the ports used for Orion-LD, Mintaka, TimescaleDB and MongoDB (e.g. 1026, 9090, etc.). The easy way is to leave all the ports open, but that compromises security.
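To check that only the needed ports are reachable, the security group's inbound rules can be audited offline. The following is an added example, not part of the original guide: it flags rules that open everything or expose broker ports to the whole internet. The group ID, the sample rules and the port-to-service mapping are assumptions.

```python
import ipaddress
import json

# Ports 1026 and 9090 are the page's examples (mapping 9090 to Mintaka is
# assumed); 27017 and 5432 are the MongoDB and PostgreSQL/TimescaleDB
# defaults, assumed for this deployment.
BROKER_PORTS = {1026: "Orion-LD", 9090: "Mintaka", 27017: "MongoDB", 5432: "TimescaleDB"}

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 1026, "ToPort": 1026,
   "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
  {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9100,
   "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}
]}]}
""")


def audit(groups):
    """Return (group_id, cidr, port_span, reason) for each risky TCP ingress rule."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if rule["IpProtocol"] not in ("tcp", "-1"):
                continue  # the broker services listed above all speak TCP
            everything = rule["IpProtocol"] == "-1"  # "-1" means all protocols and ports
            lo = 0 if everything else rule["FromPort"]
            hi = 65535 if everything else rule["ToPort"]
            hit = sorted(p for p in BROKER_PORTS if lo <= p <= hi)
            extra = (hi - lo + 1) - len(hit)  # ports opened beyond the broker's
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                if world and lo == 0 and hi == 65535:
                    reason = "all ports open to the internet"
                elif world and hit:
                    reason = "internet-wide access to " + ", ".join(BROKER_PORTS[p] for p in hit)
                elif world:
                    reason = "internet-wide access to ports the broker does not use"
                elif extra:
                    reason = f"range opens {extra} port(s) the broker does not use"
                else:
                    continue  # only needed ports, restricted source
                findings.append((sg["GroupId"], cidr, f"{lo}-{hi}", reason))
    return findings
```

To audit a real group, save the output of `aws ec2 describe-security-groups --output json` to a file and pass the parsed JSON to `audit()`.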

Once you are connected to the virtual machine, installing and running the broker is the same as for a local installation.

Orion-LD Installation Guide

Of course, since you probably won't send commands from the machine on which the broker is installed, you need to find the address of the server where the broker is running (you won't be using localhost).