S3 permission with AWX
When rolling out the Ansible roles using AWX, the EC2 instance running the AWX taskrunner will need permission to PUT and GET objects from the lambda S3 bucket as we'll be running Docker inside Docker. The policy required is:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::<LambdaS3BucketName>/lambda/*",
            "Effect": "Allow"
        }
    ]
}
I think it would be best if the policy is attached to the ECSEC2Role by this role as this role is also responsible for creating the S3 bucket.
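One way the role could attach this policy itself, as an added example that is not code from this project. The variable names lambda_s3_bucket_name and ecs_ec2_role_name, the policy name, and the assumption that ECSEC2Role is the IAM role name (not only a template logical ID) are all hypothetical; amazon.aws.iam_policy lives in community.aws in older collection releases.

```yaml
# Added example, not part of the project's role.
# Assumed variables: lambda_s3_bucket_name, ecs_ec2_role_name.

- name: Refuse to widen the grant if the bucket name is missing or a wildcard
  ansible.builtin.assert:
    that:
      - lambda_s3_bucket_name is defined
      - lambda_s3_bucket_name | length > 0
      - "'*' not in lambda_s3_bucket_name"
    fail_msg: "lambda_s3_bucket_name must name exactly one bucket"

- name: Attach the lambda/ prefix S3 policy to the instance role used by AWX
  amazon.aws.iam_policy:
    iam_type: role
    # Assumed to be the IAM role name of the EC2 instance running the task runner
    iam_name: "{{ ecs_ec2_role_name | default('ECSEC2Role') }}"
    policy_name: awx-lambda-s3-artifacts   # hypothetical inline policy name
    state: present
    policy_json: "{{ lambda_s3_policy | to_json }}"
  vars:
    # Same statement as in the issue: only Put/Get, only under lambda/
    lambda_s3_policy:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Action:
            - s3:PutObject
            - s3:GetObject
          Resource: "arn:aws:s3:::{{ lambda_s3_bucket_name }}/lambda/*"
```

Because the grant is an inline policy scoped to the lambda/ prefix, the instance role gets no list, delete or bucket-level access from it.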