How do I assign function level IamRoleStatements in Serverless Framework?

Question

I want to assign different permissions for different functions listed in my serverless.yml

 functions:
  hello:
    handler: handler.hello
  crawl-distributor:
    handler: CrawlDistributor.handler
  product-scanner:
    handler: ProductScanner.handler
    iamRoleStatements:
      - Effect: Allow
        Action:
          - dynamodb:*
          - lambda:*
        Resource: "*"

This doesn't seem to work. When I add the iamRoleStatements at the provider level, it works, but ends up applying the permissions to all the functions.

 provider:
  name: aws
  runtime: nodejs4.3
  stage: api
  region: us-east-1
  profile: dev
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:*
        - lambda:*
      Resource: "*"

Answer 1

From docs, you need to create the function role under resources and reference this new role inside your function.

Example:

service: my-test

provider:
  name: aws
  runtime: nodejs4.3
  stage: api
  region: us-east-1
  profile: dev

functions:
  hello:
    handler: handler.hello
  crawl-distributor:
    handler: CrawlDistributor.handler
  product-scanner:
    role: myDynamoRole
    handler: ProductScanner.handler

resources:
  Resources:
    myDynamoRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: myDynamoRole
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: myPolicyName
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - dynamodb:*
                    - lambda:*
                  Resource: "*"