Command failed: npx sls s3deploy

When running serverless deploy I am getting AccessDenied when it is trying to Removing old service artifacts from S3

I am confused on which IAM permissions I should be given my policy. I have already given it full access to S3 so not sure what else I am missing.

Here is my serverless.yml

service: <redacted>
frameworkVersion: "3"
useDotenv: true
variablesResolutionMode: 20210326
disabledDeprecations:
  - CLI_OPTIONS_SCHEMA # some Serverless plugins haven't been updated yet and generate warnings

provider:
  name: aws
  runtime: nodejs12.x
  region: ${opt:region, 'us-east-2'}
  stage: ${opt:stage, 'development'}
  memorySize: 512
  timeout: 6
  logRetentionInDays: 7
  lambdaHashingVersion: 20201221 # for upcoming Serverless v3
  deploymentMethod: direct

  apiGateway:
    shouldStartNameWithService: true # for upcoming Serverless v3

  environment:
    SERVERLESS_PROJECT: ${self:service}
    SERVERLESS_REGION: ${self:provider.region}
    SERVERLESS_STAGE: ${self:provider.stage}

    APP_DIST_URL: ${self:custom.distBucketUrl.${self:provider.region}, self:custom.distBucketUrl.default}
    APP_PUBLIC_URL: ${self:custom.distBucketUrl.${self:provider.region}, self:custom.distBucketUrl.default}
    APIGATEWAY_URL:
      Fn::Join:
        - ""
        - - https://
          - Ref: ApiGatewayRestApi
          - .execute-api.
          - Ref: AWS::Region
          - .amazonaws.com/
          - ${self:provider.stage}

plugins:
  - serverless-webpack
  - serverless-plugin-scripts
  - serverless-offline
  - serverless-s3-deploy
functions:
  serve:
    # Any web request regardless of path or method will be handled by a single Lambda function
    handler: handler.serve
    events:
      - http:
          path: /
          method: any
          cors: true
      - http:
          path: /{any+}
          method: any
          cors: true

custom:
  distBucketUrl:
    us-east-2:
      # us-east-1 uses a different URL format than the other regions
      Fn::Join:
        - ""
        - - https://s3.amazonaws.com/
          - Ref: DistBucket
    default:
      # All other regions
      Fn::Join:
        - ""
        - - https://s3-
          - Ref: AWS::Region
          - .amazonaws.com/
          - Ref: DistBucket

  scripts:
    hooks:
      # Build the client-side script before packaging backend code
      package:initialize: "npm run build:browser"
      deploy:finalize: "npx sls s3deploy --stage ${self:provider.stage}"

  webpack:
    webpackConfig: "webpack.server.config.js"

  assets:
    # Automatically copy distribution folder to S3 stopped working; do it manually (see `scripts.hooks.deploy:finalize`)
    auto: false
    targets:
      - bucket:
          Ref: DistBucket
        acl: public-read
        files:
          - source: dist/
            headers:
              CacheControl: max-age=31104000 # 1 year
            globs:
              - "**/*"

  serverless-offline:
    useChildProcesses: true
    noPrependStageInUrl: true
    httpPort: 3000
    lambdaPort: 3002

resources:
  Resources:
    # Customize the API Gateway resource
    ApiGatewayRestApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        # Enable gzip compression
        MinimumCompressionSize: 1000

    # S3 Bucket for the distribution bundles
    DistBucket:
      Type: AWS::S3::Bucket
      DeletionPolicy: Delete
      Properties:
        CorsConfiguration:
          CorsRules:
            - AllowedHeaders:
                - "*"
              AllowedMethods:
                - "GET"
              AllowedOrigins:
                - Fn::Join:
                    - ""
                    - - https://
                      - Ref: ApiGatewayRestApi
                      - .execute-api.
                      - Ref: AWS::Region
                      - .amazonaws.com
              MaxAge: 3000

  Outputs:
    ApiGatewayRestApi:
      Description: API Gateway Endpoint
      Value:
        Ref: ApiGatewayRestApi
    DistBucket:
      Description: Distribution S3 Bucket
      Value:
        Ref: DistBucket```