What is least privilege?, the cloud security principle

Why What is least privilege? matters

Almost every documented cloud breach has the same shape: an attacker compromises a low-privilege foothold, then uses an over-privileged identity attached to that foothold to escalate. Least privilege is not paranoia, it's the structural defence that decides whether the foothold becomes an incident or a breach.

Common mistakes with What is least privilege?

• Applying broad managed policies (`AdministratorAccess`, `PowerUserAccess`) to roles that need three actions.
• Granting wildcard resource access (`Resource: "*"`) when the role only touches one bucket.
• Ignoring the resource side of access decisions, locking down identity but leaving bucket policies open.
• Treating permission accrual as inevitable instead of running a quarterly access review.

Related articles

• Cloud Security Became A Coordination Problem
• What Is Cloud Security?
• Secrets Management Best Practices
• Most Security Programs Optimize for Auditability, Not Reality

Related concepts

• Cloud shared responsibility model explained, who secures what
• What is zero trust?, the security model that replaces the perimeter
• AWS S3 security explained, public access, encryption, attack chains
• AWS KMS explained, what it is and how to use it safely

Recommended learning paths

• Cloud Security Fundamentals
• AWS Security Best Practices
• Enterprise Cloud Security Architecture

Hands-on labs

• Hands-On: Multi-Cloud Security
• Hands-On: DevSecOps & Security Mastery