You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
The principle of least privilege is one of the most important concepts in information security. In AWS, it means granting each identity — whether a user, role, or service — only the permissions it needs to perform its specific task, and nothing more.
Least privilege states that every identity should have the minimum set of permissions required to do its job. No more, no less.
This is not about making things difficult — it is about reducing risk. If a user only needs to read objects from one S3 bucket, giving them full administrator access creates unnecessary exposure. If their credentials are compromised, the attacker inherits all of those excessive permissions.
If a set of credentials is compromised, the damage is limited to what those credentials can do. Least privilege minimises the blast radius.
| Scenario | Permissions | Blast Radius |
|---|---|---|
| Developer with admin access is compromised | Full account access | Entire AWS account |
| Developer with S3-read-only is compromised | Can read one S3 bucket | One bucket's data |
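The two rows of the table, expressed as IAM policy documents, with a small check that flags the statements giving the admin row its account-wide blast radius. This is an added example, not code from the lesson; the bucket name is a placeholder.

```python
# Constructed policies for illustration; "example-bucket" is a placeholder name.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Least privilege for "read objects from one bucket": ListBucket on the bucket
# ARN, GetObject on the objects under it, and nothing else.
S3_READ_ONE_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}


def _as_list(value):
    # IAM accepts either a string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]


def broad_statements(policy):
    """Return one finding per Allow statement that grants more than one task needs."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # "*" or "s3:*" grants every action (of a service), not a specific task.
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        # Resource "*" makes the grant account-wide instead of one bucket.
        if any(r == "*" for r in resources):
            findings.append(f"statement {i}: wildcard resource")
        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow with NotAction")
    return findings


if __name__ == "__main__":
    for name, pol in [("admin", ADMIN_POLICY), ("s3-read", S3_READ_ONE_BUCKET_POLICY)]:
        print(name, broad_statements(pol) or "least privilege: no broad grants")
```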