What is Least Privilege?
Least privilege is the principle of granting an identity only the permissions it needs to do its job — nothing more.
In IAM terms, least privilege means scoping the Action, Resource, and Condition of every statement as tightly as the workload allows. Instead of Action "*" on Resource "*", you enumerate the specific actions on the specific ARNs, and add conditions where context matters.
It is a process, not a one-time setting. Permissions drift as workloads change, so least privilege is maintained by reviewing policies at authoring time, removing unused permissions, and preferring temporary role credentials over long-lived keys.
Common mistake
Starting from a broad policy and intending to tighten it later. The tightening rarely happens, so the over-broad grant becomes permanent. Start narrow and widen only when something genuinely breaks.
Analyze a real policy free
Shieldly's AI-Powered analyzer explains why an IAM policy is risky and returns the fix in seconds. No signup, no AWS credentials. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.
Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.