====== Least Privilege ======

**What it is:** Security principle: grant only the permissions needed for the task, nothing more.

**What it’s for:**
  * Reduce damage if credentials are compromised.
  * Improve security posture.

**How to apply:**
  * Scope by action (read vs write).
  * Scope by resource (specific bucket/table/ARN).
  * Add conditions (IP, MFA, tags).

**Hard words:**
  * *principle* /ˈprɪnsəpəl/: a basic rule
  * *compromised* /ˈkɑːmprəmaɪzd/: exposed / taken over
  * *posture* /ˈpɑːstʃər/: state (level of security)
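
The three scoping steps under "How to apply", as an added example that is not part of the original page: a small Python check that flags IAM-style Allow statements missing action, resource, or condition scoping. The two policies, the bucket name and the CIDR range are constructed placeholders.

```python
# Added example: constructed policies; bucket name and CIDR are placeholders.
BROAD = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "BroadAccess", "Effect": "Allow",
                   "Action": "s3:*", "Resource": "*"}],
}
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadReports",
        "Effect": "Allow",
        "Action": ["s3:GetObject"],                             # scope by action
        "Resource": ["arn:aws:s3:::example-reports-bucket/*"],  # scope by resource
        "Condition": {                                          # add conditions
            "IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
            "Bool": {"aws:MultiFactorAuthPresent": "true"},
        },
    }],
}

def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_statement(stmt):
    """Return findings for one statement; an empty list means all three scopes are set."""
    if stmt.get("Effect") != "Allow":
        return []  # Deny statements only narrow access
    findings = []
    for action in _as_list(stmt.get("Action")):
        if action == "*" or action.endswith(":*"):  # every action, or every action of a service
            findings.append(f"action not scoped: {action}")
    for resource in _as_list(stmt.get("Resource")):
        if resource == "*":
            findings.append("resource not scoped: *")
    if not stmt.get("Condition"):
        findings.append("no condition set (IP, MFA, tags)")  # review prompt, not always a defect
    return findings

def audit_policy(policy):
    """Map each statement's Sid (or its index) to its findings."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return {s.get("Sid", f"stmt{i}"): audit_statement(s) for i, s in enumerate(stmts)}

if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, audit_policy(policy))
```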