How custom role(of Lambda) works with EC2 role policy?

Below is the custom execution role(some-role-serv-LogicalID-GDGGGGGBMW2) created for lambda function(AWS::Serverless::Function) written using SAM template:

{
  "permissionsBoundary": {
    "permissionsBoundaryArn": "arn:aws:iam::111222333444:policy/some-permission-boundary",
    "permissionsBoundaryType": "Policy"
  },
  "roleName": “some-role-serv-LogicalID-GDGGGGGBMW2”,
  "policies": [
    {
      "document": {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Action": "sqs:*",
            "Resource": "arn:aws:sqs:us-east-1:111222333444:someq*",
            "Effect": "Allow"
          },
          {
            "Action": [
              "logs:CreateLogGroup",
              "logs:CreateLogStream",
              "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:us-east-1:111222333444:log-group:*",
            "Effect": "Allow"
          }
        ]
      },
      "name": "lambda-policy",
      "type": "inline"
    }
  ],
  "trustedEntities": [
    "lambda.amazonaws.com"
  ]
}

---

Where some-permission-boundary is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:us-east-1:111222333444:log-group:*"
            ],
            "Effect": "Allow",
        },
        {
            "Action": [
                "sqs:DeleteMessage",
                "sqs:ReceiveMessage",
                "sqs:SendMessage",
                "sqs:ListDeadLetterSourceQueues",
                "sqs:GetQueueAttributes",
                "sqs:GetQueueUrl"
            ],
            "Resource": [
                "arn:aws:sqs:us-east-1:111222333444:someq*"
            ],
            "Effect": "Allow",
        }
    ]
}

---

some-role-serv-LogicalID-GDGGGGGBMW2 is assigned a permission boundary(some-permission-boundary) in SAM template

Lambda function assumes custom role with below SAM template syntax:

Role: !GetAtt LogicalID.Arn

---

Amidst deployment,

lambda is created(using sam deploy) from a docker container within EC2,

where is an additional role policy(below) is assumed by EC2:

   {
        "Condition": {
            "StringEquals": {
                "iam:PermissionsBoundary": "arn:aws:iam::111222333444:policy/some-permission-boundary"
            }
        },
        "Action": [
            "iam:CreateRole",
            "iam:AttachRolePolicy",
            "iam:PutRolePolicy",
            "iam:DetachRolePolicy",
            "iam:GetRolePolicy"
        ],
        "Resource": [
            "arn:aws:iam::111222333444:role/some-role*"
        ],
        "Effect": "Allow"
    }

---

This EC2 policy is supposed to make sure that any custom role(say some-role-serv-LogicalID-GDGGGGGBMW2) that does not have below property:

PermissionsBoundary: !Sub "arn:aws:iam::${AWS::AccountId}:policy/some-permission-boundary"

should not allow creating role some-role-serv-LogicalID-GDGGGGGBMW2

I get below error while stack creation:

Stack is created successfully but,

1) Why sam deploy command gets this error?

2)

Does the EC2 policy disallow custom role(some-role-serv-LogicalID-GDGGGGGBMW2) creation that comes without permission boundary(some-permission-boundary)? as expected...