What is the principle of least privilege?

The principle of least privilege means granting only the minimum permissions necessary to perform a task. In AWS, this means starting with zero permissions and adding only what's needed. For example, if a user only needs to read S3 objects, don't give them full S3 access. This reduces security risks and limits the impact of compromised credentials.