What does the principle of least privilege mean in cloud deployments?

• A. Grant only the minimal permissions required for a user or service.
• B. Assign full access to all users to simplify operations.
• C. Limit access to only read permissions.
• D. Disallow all permissions and require manual overrides.

Answer: (A)

In cloud deployments, the principle of least privilege means giving each user or service only the permissions needed to perform their tasks, and nothing more. This is put into practice by tying access to specific roles that match job functions, using fine-grained IAM policies, and avoiding broad or wildcard permissions. The idea is to limit what an account can do, so if credentials are compromised or a mistake is made, the potential damage is restricted to the minimum necessary scope. Implementing it involves role-based or policy-based access control, scoping permissions to specific resources and actions, using just-in-time or short-lived credentials for elevated tasks, enforcing separation of duties, and regularly reviewing who has access and adjusting as roles evolve. For example, a developer responsible for deploying to a staging environment should not have production access, and a CI/CD pipeline service account should be restricted to only the exact deployment actions it needs on the designated environment. Allowing broad full access, or restricting to only read in all cases, or denying everything and relying on manual overrides, would either create risk or hinder essential work, so they’re not aligned with least privilege.