Two practical patterns for scoping down the IAM permissions used by the Serverless Framework CLI when deploying - bottom-up gradual scoping, and the top-down 'dedicated deployer' pattern using a dev account as a permission discovery sandbox.
Read article