MWAA
Managed Workflows for Apache Airflow
MWAA (Amazon Managed Workflows for Apache Airflow) is a fully managed service for orchestrating workflows on AWS.
By allowing Upriver’s agent to access MWAA, the agent can collect operational context that enables accurate insights, workflow awareness, and improved support for day-to-day data and platform operations.
CloudFormation Deployment
In order to gain access, Upriver will provide a CloudFormation template to run inside an AWS account.
This template creates the following entities:
IAM Role: upriver-access-role
A dedicated IAM role created in the account.
Trust policy allows the Upriver AWS account to assume the role.
Trust also includes ec2.amazonaws.com, a standard condition that does not modify existing EC2 behavior unless explicitly used.
Inline IAM Policy attached to upriver-access-role
The policy is scoped to MWAA and grants read-oriented access required for metadata collection.
The scope of access is controlled by two parameters:
MWAAEnvironmentName — when provided, restricts permissions to a specific environment; when omitted, permissions apply to all MWAA environments in the account.
AirflowRoleName — defines the Airflow RBAC role (e.g., Viewer, User, Op, Admin) that Upriver will use when invoking the MWAA Airflow REST API.
Permissions Granted
The policy attached to the role includes the following permissions:
Airflow REST API Invocation
Permission: airflow:InvokeRestApi
Purpose: Allows the role to call the Airflow REST API for the specified Airflow RBAC role.
Functionality: Enables retrieval of DAGs, task runs, and Airflow metadata necessary for constructing platform context.
Environment Metadata Access
Permissions:
airflow:GetEnvironment
airflow:ListEnvironments
Purpose: Provides the ability to discover MWAA environments and retrieve their basic configuration.
Functionality: Allows the agent to identify connection endpoints and validate environment availability.
These permissions do not allow creating, updating, or deleting any MWAA environment.
Last updated