Posts

Showing posts from December, 2018

Actually Getting to Least Privilege in AWS Lambda

Least Privilege is kind of like the Holy Grail of security. Everyone wants it, but it remains elusive. Those that have mounted serious efforts to achieve it have had varying degrees of success.

"Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job." — Jerome Saltzer, Communications of the ACM

Peter J. Denning, in his paper "Fault Tolerant Operating Systems", set it in a broader perspective among four fundamental principles of fault tolerance. Dynamic assignment of privileges was earlier discussed by Roger Needham in 1972. [1,2]

Okay, so luminaries have written about it, and that means it's probably a thing. But how to achieve it with AWS Lambda? Let's start by facing the biggest challenges in general: The effort required to pare down permissions to the minimum necessary is significant. As developers add features, policy enforcement just gets in their way, and using

Securing AWS Lambda

AWS Lambda can make your environment more secure than older deployment patterns, assuming you take security seriously and implement it in a secure way. AWS Lambda makes security easier because you no longer have to manage OS hardening, admin rights, SSH, and segmentation. You still have to manage configuration and application code. The most important aspect of AWS Lambda security is the principle of least privilege.

"Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job." — Jerome Saltzer, Communications of the ACM

Least privilege dictates that we grant each component the smallest possible privilege, so that it can function correctly but can do nothing else. Least privilege must apply to your application and its resources, function, and persistence layer (S3, DynamoDB, etc.). AWS IAM roles are the primary control plane and should enforce least privilege. Although least privilege is critical, it