add IAM policy to ariflow

terraform/modules/services/airflow/dags/uk/elasticbeanstalk.py

@@ -37,15 +37,15 @@
         elb_2 = PythonOperator(
             task_id=f"scale_2_{name}",
             python_callable=scale_elastic_beanstalk_instance,
-            op_args = {'name': name, 'number_of_instances': 2, 'sleep_seconds': 60*5},
+            op_kwargs = {'name': name, 'number_of_instances': 2, 'sleep_seconds': 60*5},
             task_concurrency=2,
             # on_failure_callback=on_failure_callback,
         )
 
         elb_1 = PythonOperator(
             task_id=f"scale_1_{name}",
             python_callable=scale_elastic_beanstalk_instance,
-            op_args={'name': name, 'number_of_instances': 1},
+            op_kwargs={'name': name, 'number_of_instances': 1},
             task_concurrency=2,
             # on_failure_callback=on_failure_callback,
         )

terraform/modules/services/airflow/iam.tf

@@ -119,6 +119,42 @@ resource "aws_iam_policy" "read-secrets" {
     })
 }
 
+# allow updating of elb and autoscaling
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Sid": "VisualEditor0",
+			"Effect": "Allow",
+			"Action": [
+				"s3:*",
+				"ec2:DescribeSecurityGroups",
+				"ec2:DescribeImages",
+				"ec2:DescribeInstances",
+				"ec2:DescribeVpcs",
+				"ec2:DescribeSubnets",
+				"cloudformation:Describe*",
+				"cloudformation:Get*",
+				"cloudformation:List*",
+				"cloudformation:Validate*",
+				"cloudformation:Estimate*",
+				"cloudformation:UpdateStack",
+				"cloudformation:CancelUpdateStack",
+				"autoscaling:DescribeAutoScalingGroups",
+				"autoscaling:DescribeLaunchConfigurations",
+				"autoscaling:UpdateAutoScalingGroup",
+				"autoscaling:DescribeScalingActivities",
+				"elasticbeanstalk:UpdateEnvironment",
+				"elasticloadbalancing:DescribeLoadBalancers",
+				"logs:CreateLogGroup",
+				"logs:PutRetentionPolicy",
+				"logs:DescribeLogGroups"
+			],
+			"Resource": "*"
+		}
+	]
+}
+
 ##################
 # Service role
 ##################