diff --git a/packages/serverless-deploy-iam/bin/app.ts b/packages/serverless-deploy-iam/bin/app.ts
index 3ed7edc..254062b 100755
--- a/packages/serverless-deploy-iam/bin/app.ts
+++ b/packages/serverless-deploy-iam/bin/app.ts
@@ -483,6 +483,14 @@ export class ServiceDeployIAM extends cdk.Stack {
           resources: [(serviceRole.type as Role).roleArn],
           actions: ["iam:PassRole"],
         },
+        {
+          name: "IAM",
+          prefix: `arn:aws:iam::${accountId}:role`,
+          qualifiers: [
+            "aws-service-role/ops.apigateway.amazonaws.com/AWSServiceRoleForAPIGateway",
+          ],
+          actions: ["iam:CreateServiceLinkedRole"],
+        },
         {
           name: "S3",
           prefix: `arn:aws:s3:::`,