What is the principle of least privilege and how does it apply to IAM roles in AWS?

technical-conceptual · Junior level · cloud-devops-security

What the interviewer is really asking

Gauge foundational security thinking and whether the candidate can translate an abstract security principle into concrete cloud IAM practice.

What to say

What to avoid

Example answers

Strong: For a Lambda that reads from one DynamoDB table, I'd write an inline policy allowing only dynamodb:GetItem and dynamodb:Query on that specific table ARN — not dynamodb:* on *.

Weak: Just attach the ReadOnlyAccess managed policy — it's safer than AdminAccess and good enough.

Want questions matched to your role? Paste a job title, job description, or CV and get a personalized set, or go Pro to unlock the full bank.