Principle of Least Privilege
💡 Definition
The Principle of Least Privilege is a security best practice that states a user, program, or process should have only the bare minimum privileges necessary to perform its function.
🔑 Key Concepts
- Minimal Access: Granting only the permissions required to do the job, and nothing more.
- Start with Zero: Start with no permissions and add them incrementally as needed.
- Regular Review: Periodically auditing permissions to remove any that are no longer needed.
⚙️ How it Works
Instead of giving a developer "AdministratorAccess" (full control) just to upload a file to S3, you create a specific IAM Policy that allows only s3:PutObject on that specific bucket.
🎯 Use Cases
- Security Hardening: Reducing the "blast radius" if credentials are compromised. If a user with limited permissions is hacked, the attacker can do less damage.
- Compliance: Meeting audit requirements for access control.
💰 Pricing Model
- N/A (Concept/Best Practice).
📝 Exam Tips (CLF-C02)
- A fundamental security best practice in AWS.
- Always choose the option that grants "only the permissions needed" or "least privilege".
- Avoid using broad policies like * (allow all) unless absolutely necessary.
See Also:
- IAM
- IAM Policy