allow ec2 to access common crawl s3

infra/main.tf

@@ -141,7 +141,8 @@ resource "aws_iam_role_policy" "s3_access" {
 
   policy = jsonencode({
     Version = "2012-10-17"
-    Statement = [{
+    Statement = [
+      {
         Effect = "Allow"
         Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:HeadObject"]
         Resource = [
@@ -150,7 +151,16 @@ resource "aws_iam_role_policy" "s3_access" {
           aws_s3_bucket.site.arn,
           "${aws_s3_bucket.site.arn}/*",
         ]
-    }]
+      },
+      {
+        Effect = "Allow"
+        Action = ["s3:GetObject", "s3:ListBucket"]
+        Resource = [
+          "arn:aws:s3:::commoncrawl",
+          "arn:aws:s3:::commoncrawl/*",
+        ]
+      }
+    ]
   })
 }