Apigateway cloudwatch log group role

I have serverless to deploy api gateways to aws. My .yaml file was working fine and recently I deleted the stack and apigateways as clean up activity and tried deploying agian.

Unfortunately out of 3 api, one of the api is giving error for creating role for lambda for enabling apigateway cloud watch logs role. I am not sure but other 2 api’s I have setup does not try to create any custom lambda role and works fine within same aws account. Can there be possible reason of any other difference causing this different behavior like for one api service it tries to create custom role and other it does not? I don’t see any difference in code and this was deployed before using same template before without need of custom role.

 An error occurred: IamRoleCustomResourcesLambdaExecution - API: iam:CreateRole User: arn:aws:sts::<some role name> is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::<some resource name>with an explicit deny