https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

On Sat, 1 Dec 2018, m...@netbsd.org wrote:

This feels all kinds of insecure, is that the official way to do it?

Index: src/distrib/utils/embedded/files/ec2_init
diff -u /dev/null src/distrib/utils/embedded/files/ec2_init:1.1
--- /dev/null   Fri Nov 30 20:53:02 2018
+++ src/distrib/utils/embedded/files/ec2_init   Fri Nov 30 20:53:02 2018
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# $NetBSD: ec2_init,v 1.1 2018/11/30 20:53:02 jmcneill Exp $
+#
+# PROVIDE: ec2_init
+# REQUIRE: NETWORKING
+# BEFORE:  LOGIN
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="ec2_init"
+rcvar=${name}
+start_cmd="ec2_init"
+stop_cmd=":"
+
+METADATA_URL="http://169.254.169.254/latest/meta-data/";
+SSH_KEY_URL="public-keys/0/openssh-key"
+HOSTNAME_URL="hostname"
+
+SSH_KEY_FILE="/root/.ssh/authorized_keys"
+
+ec2_init()
+{
+       (
+       umask 022
+       # fetch the key pair from Amazon Web Services
+       EC2_SSH_KEY=$(ftp -o - "${METADATA_URL}${SSH_KEY_URL}")
+
+       if [ -n "$EC2_SSH_KEY" ]; then
+               # A key pair is associated with this instance, add it
+               # to root 'authorized_keys' file
+               mkdir -p $(dirname "$SSH_KEY_FILE")
+               touch "$SSH_KEY_FILE"
+               cd $(dirname "$SSH_KEY_FILE")
+
+               grep -q "$EC2_SSH_KEY" "$SSH_KEY_FILE"
+               if [ $? -ne 0 ]; then
+                       echo "Setting EC2 SSH key pair: ${EC2_SSH_KEY##* }"
+                       echo "$EC2_SSH_KEY" >> "$SSH_KEY_FILE"
+               fi
+       fi
+
+       # set hostname
+       HOSTNAME=$(ftp -o - "${METADATA_URL}${HOSTNAME_URL}")
+       echo "Setting EC2 hostname: ${HOSTNAME}"
+       echo "$HOSTNAME" > /etc/myname
+       hostname "$HOSTNAME"
+       )
+}
+
+load_rc_config $name
+run_rc_command "$1"
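Review bot: The hostname block at the end of ec2_init has no guard, so a failed or empty metadata fetch still overwrites /etc/myname with an empty line and calls `hostname` with an empty argument; the key block above it at least tests `[ -n "$EC2_SSH_KEY" ]`. The key path appends whatever body `ftp` returned to root's authorized_keys without checking that it looks like an OpenSSH public key line or that `ftp` exited successfully. The duplicate check `grep -q "$EC2_SSH_KEY"` also treats the fetched text as a regular expression, so it should be a fixed-string, whole-line match: `grep -qxF -- "$EC2_SSH_KEY" "$SSH_KEY_FILE"`. The two `$(dirname "$SSH_KEY_FILE")` expansions are unquoted, and `umask 022` leaves /root/.ssh and authorized_keys world-readable where 077 would be tighter. The sketch below shows the guards; the accepted key types are an assumption to confirm against what EC2 hands out.

```shell
	umask 077
	# fetch the key pair from Amazon Web Services; drop the body on fetch failure
	EC2_SSH_KEY=$(ftp -o - "${METADATA_URL}${SSH_KEY_URL}") || EC2_SSH_KEY=

	# only a body that looks like an OpenSSH public key may reach authorized_keys
	case "$EC2_SSH_KEY" in
	"ssh-rsa "*|"ssh-ed25519 "*) ;;
	*) EC2_SSH_KEY= ;;
	esac

	if [ -n "$EC2_SSH_KEY" ]; then
		mkdir -p "$(dirname "$SSH_KEY_FILE")"
		# ... unchanged: touch and cd ...
		if ! grep -qxF -- "$EC2_SSH_KEY" "$SSH_KEY_FILE"; then
			# ... unchanged: echo and append ...
		fi
	fi

	# set hostname only when the fetch returned a plausible name
	HOSTNAME=$(ftp -o - "${METADATA_URL}${HOSTNAME_URL}") || HOSTNAME=
	case "$HOSTNAME" in
	""|*[!A-Za-z0-9.-]*)
		echo "Not setting EC2 hostname: no usable value from metadata" >&2
		;;
	*)
		echo "Setting EC2 hostname: ${HOSTNAME}"
		echo "$HOSTNAME" > /etc/myname
		hostname "$HOSTNAME"
		;;
	esac
```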



