aws/iam: Allow server to read s3://nextstrain-inventories/resources.json.gz

Based on changes @jameshadfield made in the AWS Console, but stripped
down to just the single object necessary by the current consuming code.

Author: tsibley

aws/iam/policy/NextstrainDotOrgServerInstance-testing.tftpl.json

@@ -55,6 +55,16 @@
       "Resource": [
         "arn:aws:cognito-idp:us-east-1:827581582529:userpool/${COGNITO_USER_POOL_ID}"
       ]
+    },
+    {
+      "Sid": "GetResourcesIndex",
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::nextstrain-inventories/resources.json.gz"
+      ]
     }
   ]
 }

aws/iam/policy/NextstrainDotOrgServerInstance.tftpl.json

@@ -44,6 +44,16 @@
       "Resource": [
         "arn:aws:cognito-idp:us-east-1:827581582529:userpool/${COGNITO_USER_POOL_ID}"
       ]
+    },
+    {
+      "Sid": "GetResourcesIndex",
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::nextstrain-inventories/resources.json.gz"
+      ]
     }
   ]
 }