Updated ec2 public key retrieval script. Added chkconfig and better default perms

ec2-get-ssh.sh

#!/bin/bash
#
# chkconfig: 2345 51 20
# processname: ec2-get-ssh
# description: Capture AWS public key credentials for EC2 user

# Source function library
. /etc/rc.d/init.d/functions

# Source networking configuration
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network

# Replace the following environment variables for your system
export PATH=:/usr/bin:/usr/sbin:/bin:/sbin
 
# Check that networking is configured
if [ "${NETWORKING}" = "no" ]; then
  echo "Networking is not configured."
  exit 1
fi

start() {
  if [ ! -d /root/.ssh ]; then
    mkdir --parents --mode=0700 /root/.ssh
  fi
  # Retrieve public key from metadata server using HTTP
  (umask 0022; touch /tmp/my-public-key)
  curl -s http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/my-public-key
  if [ $? -eq 0 ]; then
    echo "EC2: Retrieve public key from metadata server using HTTP." 
    if [ -s /tmp/my-public-key ]; then
      mpk=$(cat /tmp/my-public-key)
      if [ -s /root/.ssh/authorized_keys ]; then
         echo "checking if key already exists.."
         ( cat /root/.ssh/authorized_keys | grep "$mpk" ) 2>&1 >> /dev/null && echo "Key already exists." || ( cat /tmp/my-public-key >> /root/.ssh/authorized_keys ) 
      else
        (umask 0022; touch /root/.ssh/authorized_keys)
        cat /tmp/my-public-key >> /root/.ssh/authorized_keys
        chmod 0600 /root/.ssh/authorized_keys
      fi
      rm /tmp/my-public-key
    fi
  fi
}
 
stop() {
  echo "Nothing to do here"
}

restart() {
  stop
  start
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart}"
    exit 1
esac

exit $?