When creating an IAM user/group to run the AWS_ACCESS_KEY_ID=x AWS_SECRET_ACCESS_KEY=y serverless deploy -v on aws lambda,
what roles/permissions should be granted to that user/group ?
According to the Serverless Framework documentation,
To let the Serverless Framework access your AWS account, we're going to create an IAM User with Admin access, which can configure the services in your AWS account.
Note: In a production environment, we recommend reducing the permissions to the IAM User which the Framework uses. Unfortunately, the Framework's functionality is growing so fast, we can't yet offer you a finite set of permissions it needs (we're working on this).
In the production environment, IAMFullAccess, AWSLambdaFullAccess and CloudFormationFullAccess should be enough.