STUB

Least Privilege

The pattern: every identity — human or service — gets only the permissions it needs to function. No * wildcards “for now.” Default-deny posture, additive grants, continuous audit so the grants stay minimal as workloads evolve.

The trade-off: iteration friction vs. blast radius. Least-privilege is friction by design: every new feature requires reviewing and extending permissions. Skipping the discipline is fast, until a token leaks or a service is compromised and the attacker inherits the wildcard grant because nobody tightened it later. The right answer is automation: tools that propose the minimum policy from observed behavior (iamlive), policy-as-code review, and continuous audit baked into the platform. One caveat on the observed-behavior approach: it only sees the code paths that ran during capture, so a generated policy is a starting point for review, not a substitute for it; a grant it missed shows up as an AccessDenied at runtime, which is the safe direction to fail in.
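The automation described above, as an added worked example (not code from this page or from iamlive): a small Python helper that derives a minimal additive policy from a constructed trace of observed calls, evaluates (action, resource) requests against a policy document with a default-deny posture, and audits a policy for grants wider than the observed behaviour. The IAM evaluation model is deliberately simplified (explicit Deny beats Allow, `*`/`?` wildcards via fnmatch, no conditions, NotAction or resource policies), and the wildcard policy, ARNs and account id are constructed for the example.

```python
"""Least-privilege helper: derive a minimal IAM-style policy from observed
calls, evaluate requests with default-deny, and audit for over-wide grants.

Added example, not from the page. Assumes a simplified IAM model: an
explicit Deny that matches wins, otherwise any matching Allow grants,
otherwise deny. Wildcards are fnmatch's '*' and '?' only; no Condition,
NotAction/NotResource or resource-based policies are modelled."""
import json
from collections import defaultdict
from fnmatch import fnmatchcase

# Constructed sample: the "for now" wildcard policy a service shipped with.
WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed sample trace of what the workload actually called, in the
# shape an iamlive/CloudTrail capture reduces to: (action, resource ARN).
# Account id and bucket/queue names are made up.
OBSERVED_CALLS = [
    ("s3:GetObject", "arn:aws:s3:::app-assets/*"),
    ("s3:GetObject", "arn:aws:s3:::app-assets/*"),
    ("s3:ListBucket", "arn:aws:s3:::app-assets"),
    ("sqs:ReceiveMessage", "arn:aws:sqs:us-east-1:123456789012:jobs"),
    ("sqs:DeleteMessage", "arn:aws:sqs:us-east-1:123456789012:jobs"),
]

# Constructed probes for the drift audit: high-value actions the workload
# never needed and should not be able to perform.
DANGEROUS_PROBES = [
    ("iam:CreateUser", "*"),
    ("s3:DeleteBucket", "arn:aws:s3:::app-assets"),
    ("sqs:PurgeQueue", "arn:aws:sqs:us-east-1:123456789012:jobs"),
]


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to list."""
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action, resource):
    """Evaluate one (action, resource) against a policy document.

    Default-deny: with no matching Allow the answer is False. A matching
    explicit Deny overrides any Allow, as in IAM."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def minimal_policy_from_observed(observed):
    """Build the smallest additive policy covering exactly the observed calls:
    one Allow statement per resource, deduplicated and sorted so the document
    diffs cleanly in policy-as-code review."""
    by_resource = defaultdict(set)
    for action, resource in observed:
        by_resource[resource].add(action)
    statements = [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
        for resource, actions in sorted(by_resource.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def audit_drift(policy, observed, probes):
    """Continuous-audit check: return probe actions the policy still allows
    even though the workload was never observed using them. A non-empty
    result means the grant is wider than the behaviour it serves."""
    used = {action for action, _ in observed}
    return sorted(
        action for action, resource in probes
        if action not in used and policy_allows(policy, action, resource)
    )


if __name__ == "__main__":
    minimal = minimal_policy_from_observed(OBSERVED_CALLS)
    print(json.dumps(minimal, indent=2))
    print("wildcard policy drift:", audit_drift(WILDCARD_POLICY, OBSERVED_CALLS, DANGEROUS_PROBES))
    print("minimal policy drift: ", audit_drift(minimal, OBSERVED_CALLS, DANGEROUS_PROBES))
```

Running the module prints the generated three-statement policy and shows the wildcard policy failing the drift audit on every probe while the minimal policy passes it. The grouping by resource is a design choice: it keeps each statement reviewable on its own and makes a later, wider grant show up as a one-line diff rather than a rewrite of the document.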

Deepens in Year 2 Phase 10: AWS Deep Dive (IAM) and Year 2 Phase 12: Platform Engineering (K8s RBAC + IRSA/Workload Identity on basecamp) — DEEP after both stacked.

  • defense-in-depth — least-privilege is one of the layers; it is what keeps the stack additive instead of cumulatively over-permissioned.
  • zero-trust-security — workload identity is the substrate least-privilege grants are written against.
  • secrets-lifecycle — short-lived credentials shrink the blast radius when a least-privilege grant is still too wide.
  • threat-modeling — STRIDE’s Elevation of Privilege is the threat least-privilege directly answers.
  • multi-tenancy — tenant isolation is least-privilege applied at the platform boundary.
  • platform-as-product — golden-path RBAC templates are how a platform makes least-privilege the default.