What it is: Security principle: grant only the permissions needed for the task—nothing more.
What it’s for:
How to apply:
Scope by action (read vs write).
Scope by resource (specific bucket/table/ARN).
Add conditions (IP, MFA, tags).
Hard words:
*principle* /ˈprɪnsəpəl/: a basic rule or guideline
*compromised* /ˈkɑːmprəmaɪzd/: exposed/taken over
*posture* /ˈpɑːstʃər/: state (level of security)