add celery task permission to read from s3 bucket

infra/ecs_main_admin.tf

@@ -780,3 +780,28 @@ data "aws_iam_policy_document" "admin_list_ecs_tasks" {
     }
   }
 }
+
+resource "aws_iam_role_policy_attachment" "celery_access_uploads_bucket" {
+  role       = aws_iam_role.admin_task.name
+  policy_arn = aws_iam_policy.celery_access_uploads_bucket.arn
+}
+
+resource "aws_iam_policy" "celery_access_uploads_bucket" {
+  name   = "${var.prefix}-celery-access-uploads-bucket"
+  path   = "/"
+  policy = data.aws_iam_policy_document.celery_access_uploads_bucket.json
+}
+
+data "aws_iam_policy_document" "celery_access_uploads_bucket" {
+  statement {
+    actions = [
+      "s3:ListObjects",
+      "s3:GetObject",
+      "s3:DeleteObject"
+    ]
+
+    resources = [
+      "${aws_s3_bucket.uploads.arn}/*",
+    ]
+  }
+}