Add IAM policy for uploading to archive bucket

To be used for automated archiving.

Author: victorlin

env/production/aws-iam-policy-NextstrainArchiveUpload.tf

@@ -0,0 +1,30 @@
+resource "aws_iam_policy" "NextstrainArchiveUpload" {
+  name        = "NextstrainArchiveUpload"
+  description = "Provides permissions to upload to the nextstrain-archive bucket"
+
+  policy = jsonencode({
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Sid": "ListBucket",
+        "Effect": "Allow",
+        "Action": "s3:ListBucket",
+        "Resource": "arn:aws:s3:::nextstrain-archive"
+      },
+      {
+        "Sid": "PutObjectIfAbsent",
+        "Effect": "Allow",
+        "Action": "s3:PutObject",
+        "Resource": "arn:aws:s3:::nextstrain-archive/*"
+        # TODO: Add --if-none-match when Nextstrain Docker image moves to AWS CLI v2.
+        # <https://github.com/nextstrain/docker-base/issues/216>
+      },
+      {
+        "Sid": "AbortMultipartUpload",
+        "Effect": "Allow",
+        "Action": "s3:AbortMultipartUpload",
+        "Resource": "arn:aws:s3:::nextstrain-archive/*"
+      }
+    ]
+  })
+}