Ensure that roles defined in Serverless Framework files should not have policies granting full administrative privileges

It is important to avoid having '*' in the resource in the serverless framework IAM role because this can grant too much access to your Lambda functions and expose them to potential security risks. Instead, it is recommended to specify the exact resources your functions need to interact with and limit the actions they can perform on those resources.

Risk Level: medium
Platform: AWS Serverless
Spectral Rule ID: SLFW004


Change in statements.Action set the '*' to a specific definition

service: service
frameworkVersion: '2'
  name: aws
  runtime: nodejs12.x
      name: custom-role-name
        - Effect: 'Allow'
          Resource: 'arn:aws:s3:::my-bucket-name/example'
-         Action: '*'
+         Action: 'iam:DeleteUser'

Read more: