Scope down unnecessary permissions

[Almenon]

What does this PR do?

• Unpins version for more flexibility - AWS version pinning #21
• Tightens permissions for better security
• Add secret_prefix var one can use to grant MWAA access to secrets under a certain prefix.

Motivation

My workplace pays me to do devops, and I can use that money to buy donuts. On a more specific level, these changes are needed for our security requirements at iSpot. The version pinning is needed to avoid conflicts.

More

• Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
• Yes, I ran pre-commit run -a with this PR

For Moderators

• E2E Test successfully complete before merge?

Additional Notes

[askulkarni2]

@Almenon thank you for the PR. Can you please open separate out the PR for version pinning, secrets, and scoped down permissions? Also please create issues for the secret and permissions so we can examine it closely.

[vara-bonthu]

@Almenon thanks for creating the issues. Would you mind splitting the PR? One for TF versions and other one for permissions?

We will merge the versions ASAP and investigate the permissions after.

Thanks 🙏

[vara-bonthu]

Thanks for the PR @Almenon ! Left few comments needs addressing other than that we are good to go.

[Almenon]

@vara-bonthu done, and good point. Thanks.

[Almenon]

@vara-bonthu following up on this, good to merge?

[vara-bonthu]

@vara-bonthu following up on this, good to merge?

@Almenon Sorry for the delay. We are planning to test this feature and include this as a part of any upgrades required. I will merge it once its tested

[Chili-Man]

@vara-bonthu any updates on this? It's important to have the reduced permissions.

@Almenon any interest in updating this PR to resolve the branch conflicts? if not, I'm happy to port over these changes to a new pr that is up to date with the main branch

[Almenon]

Updated. I opened a new PR with conflicts resolved. See #49