diff --git a/infra/main.tf b/infra/main.tf
index d368eb8..78e5054 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -141,16 +141,26 @@ resource "aws_iam_role_policy" "s3_access" {
 
   policy = jsonencode({
     Version = "2012-10-17"
-    Statement = [{
-      Effect = "Allow"
-      Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:HeadObject"]
-      Resource = [
-        aws_s3_bucket.icons[0].arn,
-        "${aws_s3_bucket.icons[0].arn}/*",
-        aws_s3_bucket.site.arn,
-        "${aws_s3_bucket.site.arn}/*",
-      ]
-    }]
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:HeadObject"]
+        Resource = [
+          aws_s3_bucket.icons[0].arn,
+          "${aws_s3_bucket.icons[0].arn}/*",
+          aws_s3_bucket.site.arn,
+          "${aws_s3_bucket.site.arn}/*",
+        ]
+      },
+      {
+        Effect = "Allow"
+        Action = ["s3:GetObject", "s3:ListBucket"]
+        Resource = [
+          "arn:aws:s3:::commoncrawl",
+          "arn:aws:s3:::commoncrawl/*",
+        ]
+      }
+    ]
   })
 }