how to make
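# EC2 Cfn Metadata.
# This block sits under the EC2 instance resource (EC2OpenSwanVPNInstance).
# The parameters/resources it references (VPNServiceName, myEIP, myRightID,
# myPSK) are declared elsewhere in the template and are not shown here.
Metadata:
  AWS::CloudFormation::Init:
    # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html
    # Our cfn-init config set rules, divided into logical sections to make reading it easier, hopefully :)
    # Within one config, cfn-init applies sections in a fixed order
    # (packages, groups, users, sources, files, commands, services);
    # generate_secrets below relies on `files` running before `commands`.
    configSets:
      myCfnConfigSet:
        - "configure_cfn"
        - "install_software"
        - "generate_secrets"
        #- "configure_server"
        #- "upload_files"

    # Configure and start cfn-hup
    # cfn-hup will poll the stack for changes, and if possible, apply instance changes in place on the instance
    configure_cfn:
      files:
        /etc/cfn/hooks.d/cfn-auto-reloader.conf:
          content: !Sub |
            [cfn-auto-reloader-hook]
            triggers=post.update
            path=Resources.EC2OpenSwanVPNInstance.Metadata.AWS::CloudFormation::Init
            action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource EC2OpenSwanVPNInstance --configsets myCfnConfigSet --region ${AWS::Region}
          mode: "000400"
          owner: root
          group: root
        /etc/cfn/cfn-hup.conf:
          content: !Sub |
            [main]
            stack=${AWS::StackId}
            region=${AWS::Region}
            verbose=true
            interval=1
          mode: "000400"
          owner: root
          group: root
      services:
        sysvinit:
          cfn-hup:
            # cfn-init expects these flags as the strings "true"/"false", hence the quotes
            enabled: "true"
            ensureRunning: "true"
            files:
              - "/etc/cfn/cfn-hup.conf"
              - "/etc/cfn/hooks.d/cfn-auto-reloader.conf"

    # Install the latest version of OpenSwanVPN via the yum package manager
    # Note that the actual package name is `libreswan`
    install_software:
      packages:
        yum:
          libreswan: []

    # Generate our secrets config
    generate_secrets:
      # Keys under `files` must be literal paths: cfn-init takes the key as the
      # file name and CloudFormation does not evaluate !Sub/!Ref in mapping keys,
      # so `files: !Sub [...]` never produced a file and left content/mode/owner
      # dangling outside `files`. Write the file to a fixed path with its final
      # mode first, then rename it to the parameter-derived name in `commands`.
      # Only the file name reaches the shell; the PSK itself stays out of any
      # command line (and therefore out of cfn-init's command logging).
      #
      # NOTE(review): the resolved content is part of the stack's resource
      # metadata (readable by any principal allowed DescribeStackResource on the
      # stack) and cfn-init caches fetched metadata on the instance — at minimum
      # declare myPSK with NoEcho; confirm where the key is sourced from.
      files:
        /etc/ipsec.d/vpn.secrets:
          # ipsec.secrets syntax is `<left-id> <right-id> : PSK "<key>"`.
          # Nothing needs escaping inside a YAML block scalar: writing `\:`
          # would put a literal backslash into the file and break parsing.
          content: !Sub |
            ${myEIP} ${myRightID} : PSK "${myPSK}"
          mode: "000600"
          owner: root
          group: root
      commands:
        01_rename_secrets:
          # VPNServiceName is used verbatim as a path component; restrict it with
          # an AllowedPattern on the parameter (e.g. a constructed pattern such as
          # ^[A-Za-z0-9_-]+$) so the rename cannot leave /etc/ipsec.d.
          command: !Sub 'mv -f /etc/ipsec.d/vpn.secrets "/etc/ipsec.d/${VPNServiceName}.secrets"'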