aws-cloudformation
diff --git a/‎src/cfnlint/rules/resources/iam/Permissions.py
Lines changed: 6 additions & 2 deletions b/‎src/cfnlint/rules/resources/iam/Permissions.py
Lines changed: 6 additions & 2 deletions
diff --git a/‎test/unit/rules/resources/iam/test_iam_permissions_sam.py
Lines changed: 32 additions & 0 deletions b/‎test/unit/rules/resources/iam/test_iam_permissions_sam.py
Lines changed: 32 additions & 0 deletions
@@ -21,7 +21,6 @@ class Permissions(CfnLintKeyword):
     description = "Check for valid IAM Permissions"
     source_url = "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html"
     tags = ["properties", "iam", "permissions"]
-    experimental = True
 
     def __init__(self):
         """Init"""
@@ -33,6 +32,11 @@ def __init__(self):
     def validate(
         self, validator: Validator, _, instance: Any, schema: dict[str, Any]
     ) -> ValidationResult:
+        # Escape validation when using SAM transforms as a result of
+        # https://github.com/aws/serverless-application-model/issues/3633
+        if validator.context.transforms.has_sam_transform():
+            return
+
         actions = ensure_list(instance)
 
         for action in actions:
@@ -41,7 +45,7 @@ def validate(
             if ":" not in action:
                 yield ValidationError(
                     (
-                        f"{action!r} is not a valid action."
+                        f"{action!r} is not a valid action. "
                         "Must be of the form service:action or '*'"
                     ),
                     rule=self,
 
@@ -0,0 +1,32 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+import pytest
+
+from cfnlint.rules.resources.iam.Permissions import Permissions
+
+
+@pytest.fixture(scope="module")
+def rule():
+    rule = Permissions()
+    yield rule
+
+
+@pytest.fixture
+def template():
+    return {
+        "Transform": "AWS::Serverless-2016-10-31",
+    }
+
+
+@pytest.mark.para
6212
metrize(
+    "name,instance,err_count",
+    [
+        ("Empty string", "", 0),
+    ],
+)
+def test_permissions(name, instance, err_count, rule, validator):
+    errors = list(rule.validate(validator, {}, instance, {}))
+    assert len(errors) == err_count, f"Test {name!r} got {errors!r}"