TRANSFER-548: Add missing KMS and RDS permissions (#14)

`kms:CreateAlias` and `rds:ModifyDBParameterGroup` permissions were
missing from Airflow BYOA permissions set

---------

Co-authored-by: Yuriy Natarov <[email protected]>

Author: Acuion

iam.tf

@@ -648,13 +648,20 @@ data "aws_iam_policy_document" "doublecloud_airflow" {
     ]
   }
 
+  statement {
+    effect    = "Allow"
+    actions   = ["kms:CreateAlias"]
+    resources = ["arn:aws:kms:${local.region}:${local.account_id}:alias/airflow-afc*"]
+  }
+
   statement {
     effect = "Allow"
     actions = [
       "rds:AddTagsToResource",
       "rds:CreateDBInstance",
       "rds:CreateDBCluster",
       "rds:CreateDBParameterGroup",
+      "rds:ModifyDBParameterGroup",
     ]
     resources = [
       "arn:aws:rds:${local.region}:${local.account_id}:*:airflow-afc*",