An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied

#1

Hi all.
I may have wrong configuration and get the error An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied. when I run sls deploy.

To create service, I run serverless create --template aws-nodejs and named it my-service.
Using default serverless.yml, it’s like

service: my-service
provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: ap-northeast-1
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:ListBucket"
      Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ]  }
    - Effect: "Allow"
      Action:
        - "s3:PutObject"
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:s3:::"
            - "Ref" : "ServerlessDeploymentBucket"
            - "/*"
functions:
  hello:
    handler: handler.hello
resources:
 Resources:
   NewResource:
     Type: AWS::S3::Bucket
     Properties:
       BucketName: my-new-bucket
 Outputs:
    NewOutput:
      Description: "Description for the output"
      Value: "Some output value"

The handler.js is as is

'use strict';

module.exports.hello = async (event) => {
  return {
    statusCode: 200,
    body: JSON.stringify({
      message: 'Go Serverless v1.0! Your function executed successfully!',
      input: event,
    }, null, 2),
  };

  // Use this code if you don't use the http event with the LAMBDA-PROXY integration
  // return { message: 'Go Serverless v1.0! Your function executed successfully!', event };
};

When I run sls deploy, I get

C:\Users\user\workspace\serverless-test>sls deploy
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Creating Stack...
Serverless: Checking Stack create progress...
....
Serverless: Operation failed!
Serverless: View the full error output: https://ap-northeast-1.console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stack/detail?stackId=arn%3Aaws%3Acloudformation%3Aap-northeast-1%3Axxxxxxxxxxxx%3Astack%2Fmy-service-dev%2F4a8d7ce0-71fa-11e9-9190-068e2b92c6b0

  Serverless Error ---------------------------------------

  An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Issues:        forum.serverless.com

  Your Environment Information ---------------------------
     OS:                     win32
     Node Version:           8.11.2
     Serverless Version:     1.41.1

My IAM role has “AdministratorAccess”. I could create s3 bucket via awscli so I believe I have right access.