diff --git a/.circleci/config.yml b/.circleci/config.yml
index 4e4179f6d..2e1e03209 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -80,7 +80,7 @@ jobs:
           file: coverage.txt
   check-lint:
     executor: golang
-    resource_class: large
+    resource_class: xlarge
     steps:
       - checkout
       - run: git fetch --all
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2578e7a12..26929dfb5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,7 @@
     supported builders [GH-9238]
 * post-processor/vsphere-template: Add VSphere builder's artifact to vsphere-
     template's supported types [GH-9146]
+* provisioner/inspec: Fix build variables interpolation [GH-9262]
 * provisioner/powershell: Fix long-wait retry loop caused by cleanup logic
     [GH-9226]
 
diff --git a/provisioner/inspec/provisioner.go b/provisioner/inspec/provisioner.go
index 82736e0f7..d3449ef6e 100644
--- a/provisioner/inspec/provisioner.go
+++ b/provisioner/inspec/provisioner.go
@@ -189,8 +189,21 @@ func (p *Provisioner) getVersion() error {
 	return nil
 }
 
-func (p *Provisioner) Provision(ctx context.Context, ui packer.Ui, comm packer.Communicator, _ map[string]interface{}) error {
+func (p *Provisioner) Provision(ctx context.Context, ui packer.Ui, comm packer.Communicator, generatedData map[string]interface{}) error {
 	ui.Say("Provisioning with Inspec...")
+	p.config.ctx.Data = generatedData
+
+	userp, err := interpolate.Render(p.config.User, &p.config.ctx)
+	if err != nil {
+		return fmt.Errorf("Could not interpolate inspec user: %s", err)
+	}
+	p.config.User = userp
+
+	host, err := interpolate.Render(p.config.Host, &p.config.ctx)
+	if err != nil {
+		return fmt.Errorf("Could not interpolate inspec user: %s", err)
+	}
+	p.config.Host = host
 
 	for i, envVar := range p.config.InspecEnvVars {
 		envVar, err := interpolate.Render(envVar, &p.config.ctx)
@@ -334,11 +347,14 @@ func (p *Provisioner) executeInspec(ui packer.Ui, comm packer.Communicator, priv
 	args = append(args, "--backend", p.config.Backend)
 	args = append(args, "--host", p.config.Host)
 
+	if p.config.User != "" {
+		args = append(args, "--user", p.config.User)
+	}
+
 	if p.config.Backend == "ssh" {
 		if len(privKeyFile) > 0 {
 			args = append(args, "--key-files", privKeyFile)
 		}
-		args = append(args, "--user", p.config.User)
 		args = append(args, "--port", strconv.Itoa(p.config.LocalPort))
 	}
 
diff --git a/website/pages/docs/provisioners/inspec.mdx b/website/pages/docs/provisioners/inspec.mdx
index 5da85eae2..681d68da9 100644
--- a/website/pages/docs/provisioners/inspec.mdx
+++ b/website/pages/docs/provisioners/inspec.mdx
@@ -106,6 +106,23 @@ Optional Parameters:
 
 @include 'provisioners/common-config.mdx'
 
+## Accepting the InSpec license
+
+Chef InSpec requires accepting the license before starting to use the tool.
+This can be done via `inspec_env_vars` in the template:
+
+```
+"provisioners": [
+    {
+      "type": "inspec",
+      "inspec_env_vars": [ "CHEF_LICENSE=accept"],
+      "profile": "https://github.com/dev-sec/linux-baseline"
+    }
+  ],
+```
+
+See their [official docs](https://docs.chef.io/chef_license_accept/) to learn other ways to accept the license.
+
 ## Default Extra Variables
 
 In addition to being able to specify extra arguments using the