diff --git a/packages/serverless-deploy-iam/bin/app.ts b/packages/serverless-deploy-iam/bin/app.ts
index 3ed7edc..d6a2ab9 100755
--- a/packages/serverless-deploy-iam/bin/app.ts
+++ b/packages/serverless-deploy-iam/bin/app.ts
@@ -481,7 +481,17 @@ export class ServiceDeployIAM extends cdk.Stack {
 {
 name: "IAM",
 resources: [(serviceRole.type as Role).roleArn],
- actions: ["iam:PassRole"],
+ actions: [
+ "iam:PassRole",
+ ],
+ },
+ {
+ name: "IAM",
+ prefix: `arn:aws:iam::${accountId}:role`,
+ qualifiers: ["*"],
+ actions: [
+ "iam:CreateServiceLinkedRole"
+ ],
 },
 {
 name: "S3",
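Review bot: The added `iam:CreateServiceLinkedRole` statement is scoped to the account's `role` prefix with `qualifiers: ["*"]`, which looks like it resolves to every role in the account rather than the service-linked role path, and it carries no `iam:AWSServiceName` condition, so the deploy role could create a service-linked role for any AWS service. Service-linked roles are created under `role/aws-service-role/`, so the resource can be narrowed, e.g. `qualifiers: ["aws-service-role/*"]` (how prefix and qualifiers are joined is not visible in this hunk, so confirm the separator). If the statement shape accepts conditions, a `StringLike` condition on `iam:AWSServiceName` listing only the services this stack deploys would restrict it further. A one-line comment above the statement naming which service needs the linked role would let the next reviewer judge the grant; the surrounding statement array begins and ends outside the hunk.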