Thanks for this helpful article! It is shameful that ServerIess Framework officially suggests using the AdministratorAccess policy.

Your policies may have worked at the time, but I needed to make some modifications to get this working today:

* Made the S3 bucket prefix sampleproject-* as Serverless provides a unique identifier.

* Removed OPTIONS and HEAD from the API Gateway permissions, which no longer seem to be valid.

* restapis -> apis

* Added iam:CreateRole, iam:DeleteRole, iam:DeleteRolePolicy, iam:GetRole, and iam:PutRolePolicy to the CloudFormation policy.

* Removed the dangling comma on line 37 of the CloudFormation policy.