diff --git a/molecules/spinbase-amazon-ami-image-template.common b/molecules/spinbase-amazon-ami-image-template.common
index 4b858bc..49574d6 100644
--- a/molecules/spinbase-amazon-ami-image-template.common
+++ b/molecules/spinbase-amazon-ami-image-template.common
@@ -32,7 +32,7 @@ inner_chroot_script_after: /sabayon/scripts/image_generic_inner_chroot_script_af
 
 # Outer chroot script command, to be executed outside destination chroot before
 # before entering it (and AFTER inner_chroot_script)
-outer_chroot_script_after: /sabayon/scripts/remaster_post.sh
+outer_chroot_script_after: /sabayon/scripts/image_remaster_post.sh
 
 # Pre-image building script. Hook called before image file creation
 # Variables exported:
diff --git a/remaster/ec2_image/ec2.start b/remaster/ec2_image/ec2.start
new file mode 100755
index 0000000..d8f0322
--- /dev/null
+++ b/remaster/ec2_image/ec2.start
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Setup Amazon EC2 provided SSH key
+
+ssh_root=/root/.ssh
+if [ ! -d "${ssh_root}" ] ; then
+	mkdir "${ssh_root}"
+fi
+chmod 700 "${ssh_root}"
+
+# As documented in http://awsdocs.s3.amazonaws.com/EC2/latest/ec2-ug.pdf
+wget -qO- http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/openssh-key
+if [ "${?}" = "0" ]; then
+	cat /tmp/openssh-key >> "${ssh_root}"/authorized_keys
+fi
+rm -f /tmp/openssh-key
diff --git a/scripts/image_generic_inner_chroot_script_after.sh b/scripts/image_generic_inner_chroot_script_after.sh
index 8b70fbc..1523faa 100755
--- a/scripts/image_generic_inner_chroot_script_after.sh
+++ b/scripts/image_generic_inner_chroot_script_after.sh
@@ -22,8 +22,8 @@ rc-update del x-setup boot
 # Enable ssh
 rc-update add sshd default
 
-# setup default root password
-echo "root:sabayonamichangeme" | chpasswd
+# delete root password, only ssh allowed
+passwd -d root
 
 # setup UTC clock
 sed -i 's:clock=".*":clock="UTC":' /etc/conf.d/hwclock || exit 1
@@ -58,7 +58,6 @@ kernel ${kernel_bin} root=/dev/sda1
 " > /boot/grub/grub.conf
 # initrd ${initrd_bin}
 
-
 # Generate list of installed packages
 equo query list installed -qv > /etc/sabayon-pkglist
 
diff --git a/scripts/image_remaster_post.sh b/scripts/image_remaster_post.sh
new file mode 100755
index 0000000..5dc4c11
--- /dev/null
+++ b/scripts/image_remaster_post.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# execute parent script
+/sabayon/scripts/remaster_post.sh
+if [ "${?}" != "0" ]; then
+	exit 1
+fi
+
+# Setup provisioning script for Amazon EC2 to load at startup
+EC2_DIR="/sabayon/remaster/ec2_image"
+PROV_SCRIPT="ec2.start"
+cp -p "${EC2_DIR}/${PROV_SCRIPT}" "${CHROOT_DIR}/etc/local.d/"  || exit 1
+chown root:root "${CHROOT_DIR}/etc/local.d/${PROV_SCRIPT}" || exit 1
+chmod 744 "${CHROOT_DIR}/etc/local.d/${PROV_SCRIPT}" || exit 1
+
+exit 0