Inspec profile files being ignored


I’m trying to follow the example in to loop through AWS IAM Roles and Profiles, but it doesn’t appear that the YAML file is getting read.

The error I’m receiving is:

aws_account_profile/controls/iam_spec.rb:4:in `load_with_context': undefined method `each' for nil:NilClass (NoMethodError)`


- role: adfs-cloudadministrators
  policy: CloudAdministrator
- role: adfs-developers
  policy: Developer
- role: adfs-platformengineers
  policy: PlatformEngineers
- role: adfs-security
  policy: SecOps
- role: adfs-supportadmins
  policy: SupportAdministrator


iam_roles = yaml(content: inspec.profile.file('roles.yml')).params
count = 0

iam_roles.each do |role|
  control "aws-account-1-#{count += 1}" do
    impact 1.0
    title "#{role['role']} role exists"
    desc "Each AWS account needs to have the #{role['role']} role."
    describe aws_iam_role("#{role['role']}") do
      it { should exist }

  control "aws-account-1-#{count += 1}" do
    impact 1.0
    title "#{role['policy']} policy exists"
    desc "Each AWS account needs to have the #{role['policy']} policy."
    describe aws_iam_policy("#{role['policy']}") do
      it { should exist }

As a debugging step, I also tried to execute this control:


iam_roles = yaml(content: inspec.profile.file('roles.yml')).params

puts "Contents of iam_roles:"
puts iam_roles
puts "End of iam_roles."

However, the output of iam_roles is blank. What am I doing wrong?

$ inspec version
1 Like

We are having the same issue. Any help would be greatly appreciated.

During my research, I found a cross-post on where coderanger referred the author to the #inspec channel on From there, I found a conversation on March 1st, 2018 that contained some sample code. The sample ran successfully against local and SSH targets, but fails to read the YAML file when targeting AWS resources.

Hey all, this is a bug. This seems to work fine with other transports/local mode. I have created:

To track this issue. Thanks for reporting it.

True to your name @jquick. I just opened an issue too and then saw your reply. So, I closed my issue and referenced yours. Thanks for looking into this.

No worries! The issue here is with the YAML resource. This should be addressed in the next release. For now you can use this work around:

iam_roles = YAML.load(inspec.profile.file('roles.yml'))

Which will manually load the YAML and should give you what you need.