Various fixes for MWAA verify_env.py script

bishtawi · bishtawi · commit 4916ff5f2559 · 2022-07-19T11:23:11.000-07:00
diff --git a/MWAA/verify_env/verify_env.py b/MWAA/verify_env/verify_env.py
@@ -88,7 +88,7 @@ def validation_profile(profile_name):
     '''
     verify profile name doesn't have path to files or unexpected input
     '''
-    if re.match(r"^[a-zA-Z0-9]*$", profile_name):
+    if re.match(r"^[a-zA-Z0-9_-]*$", profile_name):
         return profile_name
     raise argparse.ArgumentTypeError("%s is an invalid profile name value" % profile_name)
 
@@ -580,13 +580,13 @@ def check_egress_acls(acls, dst_port):
     '''
     for acl in acls:
         # check ipv4 acl rule only
-        if acl.get('CidrBlock'):
+        if acl.get('CidrBlock') and acl.get('Protocol') != '1':
             # Check Port
             if ((acl.get('Protocol') == '-1') or
                (dst_port in range(acl['PortRange']['From'], acl['PortRange']['To'] + 1))):
                 # Check Action
                 return acl['RuleAction'] == 'allow'
-    return ""
+    return False
 
 
 def check_ingress_acls(acls, src_port_from, src_port_to):
@@ -595,15 +595,15 @@ def check_ingress_acls(acls, src_port_from, src_port_to):
     '''
     for acl in acls:
         # check ipv4 acl rule only
-        if acl.get('CidrBlock'):
+        if acl.get('CidrBlock') and acl.get('Protocol') != '1':
             # Check Port
-            test_range = range(src_port_from, src_port_to)
+            test_range = range(src_port_from, src_port_to + 1)
             set_test_range = set(test_range)
             if ((acl.get('Protocol') == '-1') or
                set_test_range.issubset(range(acl['PortRange']['From'], acl['PortRange']['To'] + 1))):
                 # Check Action
                 return acl['RuleAction'] == 'allow'
-    return ""
+    return False
 
 
 def check_nacl(input_subnets, input_subnet_ids, ec2_client):
