Greetings,
I’m trying to follow the example in https://github.com/chef/inspec/blob/master/docs/profiles.md#profile-files to loop through AWS IAM Roles and Profiles, but it doesn’t appear that the YAML file is getting read.
The error I’m receiving is:
```
aws_account_profile/controls/iam_spec.rb:4:in `load_with_context': undefined method `each' for nil:NilClass (NoMethodError)
```
aws_account_profile/files/roles.yml:
```yaml
---
- role: adfs-cloudadministrators
  policy: CloudAdministrator
- role: adfs-developers
  policy: Developer
- role: adfs-platformengineers
  policy: PlatformEngineers
- role: adfs-security
  policy: SecOps
- role: adfs-supportadmins
  policy: SupportAdministrator
```
aws_account_profile/controls/iam_spec.rb:
```ruby
iam_roles = yaml(content: inspec.profile.file('roles.yml')).params
count = 0
iam_roles.each do |role|
  control "aws-account-1-#{count += 1}" do
    impact 1.0
    title "#{role['role']} role exists"
    desc "Each AWS account needs to have the #{role['role']} role."
    describe aws_iam_role("#{role['role']}") do
      it { should exist }
    end
  end
  control "aws-account-1-#{count += 1}" do
    impact 1.0
    title "#{role['policy']} policy exists"
    desc "Each AWS account needs to have the #{role['policy']} policy."
    describe aws_iam_policy("#{role['policy']}") do
      it { should exist }
    end
  end
end
```
As a debugging step, I also tried to execute this control:
aws_account_profile/controls/iam2_spec.rb:
```ruby
iam_roles = yaml(content: inspec.profile.file('roles.yml')).params
puts "Contents of iam_roles:"
puts iam_roles
puts "End of iam_roles."
```
However, the output of `iam_roles` is blank. What am I doing wrong?
```
$ inspec version
2.0.17
```
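
A way to check the data file outside InSpec, as an added example that is not part of the original post: it parses the file text with Ruby's standard YAML library and reports why no entries came back, so a nil never reaches `.each`. The function name `load_role_entries` and both sample strings are constructed for illustration.

```ruby
require 'yaml'

REQUIRED_KEYS = %w[role policy].freeze

# Validate the raw text of a roles data file before generating controls.
# Returns [entries, errors]; entries is always an Array, never nil.
def load_role_entries(content)
  return [[], ['file content is nil or empty']] if content.nil? || content.strip.empty?

  begin
    data = YAML.safe_load(content)
  rescue Psych::SyntaxError => e
    return [[], ["YAML syntax error: #{e.message}"]]
  end
  return [[], ["expected a top-level list, got #{data.class}"]] unless data.is_a?(Array)

  entries = []
  errors = []
  data.each_with_index do |entry, i|
    missing = REQUIRED_KEYS.reject do |k|
      entry.is_a?(Hash) && entry[k].is_a?(String) && !entry[k].empty?
    end
    if missing.empty?
      entries << entry
    else
      errors << "entry #{i}: missing or empty #{missing.join(', ')}"
    end
  end
  [entries, errors]
end

# Constructed sample: well-formed list of role/policy pairs.
VALID_SAMPLE = <<~YAML
  ---
  - role: adfs-developers
    policy: Developer
  - role: adfs-security
    policy: SecOps
YAML

# Constructed sample: malformed input, "policy" not indented under its list item.
FLAT_SAMPLE = <<~YAML
  ---
  - role: adfs-developers
  policy: Developer
YAML
```

Run against the text of `files/roles.yml` (for example via `File.read`), this separates a problem in the YAML itself from a problem in how the profile hands the file to the control.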