Generated policy is missing certain IAM permissions

In my serverless.yml file, I’ve got IAM statements that look like this:

   - Effect: Allow
       - s3:ListBucket
       - dynamodb:DescribeStream
       - dynamodb:GetRecords
       - dynamodb:GetShardIterator
       - dynamodb:ListStreams
       - dynamodb:GetItem
       - dynamodb:PutItem
       - dynamodb:BatchWriteItem
       - dynamodb:Scan
       - logs:CreateLogGroup
       - logs:CreateLogStream
       - logs:PutLogEvents
     Resource: "*"

But I’m not seeing all of these reflected in the generated policy. Specifically, it seems to be missing:


I suspect that I’m getting some sort of default policy instead of the custom one I’m trying to make inside serverless.yml. Am I doing this wrong?

What IAM role did you check?

Did you wait for a while and check again? The role policy is not updated immediately, sometime you have to wait for several minutes.

I actually worked around this issue by adding a role manually in the AWS console and then linking to it in the provider section of serverless.yml.