When deploying AWS Lambda functions that interact with your S3 buckets to read files and extract key metadata, and you are managing these Lambda functions using AWS Serverless Application Model (SAM):

Which policy should you include in your serverless model template to ensure the Lambda functions have read access to the specified S3 buckets?