Use Serverless without Iam GetRole authorization

I am using AWS Educate Starter account but their user account policy don’t allow to have Iam GetRole. So I am having this kind off errors in both Serverless framework and Zappa -

An error occurred: IamRoleLambdaExecution - API: iam:GetRole 
User: arn:aws:iam::XXXXXXXXXXX:user/awsstudent is not authorized to perform: 
iam:GetRole on resource: role hello-world-dev-us-west-2-lambdaRole.

Is there any way to get the job done without this authorization. I know that my access key has the full access to AWS lamda, S3, Api Gateway etc.

I’m not sure this is possible. The framework wires up the necessary IAM permissions for lambda functions working with API gateway etc.

Thats why it needs specific IAM roles

To solve this problem I created a User Defined Policy say “iam_get_role_policy” with the following details
Service: IAM
Actions: Read (all of them), Write (CreateRole)

Assign this policy to the User’s group.

Hi Team,
Make sure the requested region in IAM policy for iam:* is not restricted to us-west-2
Iam:* should be global.

Does your solution work for sls remove? I bet not, but it would be great to know.

See, serverless remove fails due to managed policies automatically added to IAM Roles again · Issue #11133 · serverless/serverless · GitHub