Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

1.2.1. Defense-in-Depth and Least Privilege

First Principle: No single security control is infallible. Defense-in-depth layers multiple independent controls so that the failure of any one control doesn't result in a complete security breach — while least privilege ensures each layer grants only the minimum access necessary.

Defense-in-Depth is the practice of implementing multiple, overlapping security controls at different layers of your architecture. Think of it like a medieval castle: the moat, outer wall, inner wall, tower, and locked vault each provide independent protection. An attacker who crosses the moat still faces the wall.

In AWS, the layers typically follow this pattern:

Least Privilege complements defense-in-depth by ensuring each component — user, role, service, function — has access to only the resources and actions it needs to perform its task, and nothing more. If a Lambda function only reads from one S3 bucket, its execution role should grant s3:GetObject on that specific bucket ARN, not s3:* on *.

The combination is powerful: defense-in-depth provides multiple barriers, and least privilege limits what an attacker can do even if they breach one.

Key Application on AWS:
  • Network: Security Groups (instance) + NACLs (subnet) + Network Firewall (VPC) = three independent network layers
  • Identity: SCPs (organization) + Permissions Boundaries (identity) + Identity Policies (role) = three independent policy layers
  • Data: Encryption at rest + Encryption in transit + Bucket policies + Object Lock = four independent data protection layers
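The network row above is the one that is easiest to reason about mechanically: an inbound packet reaches an instance only if the NACL on the subnet and the Security Group on the instance both allow it, and each layer decides on its own rules. The following simulator is an added example written for this page, not code from MindMesh Academy or AWS; it models the two layers' evaluation semantics (NACL: stateless, rules checked in ascending rule-number order, first match wins, implicit deny; Security Group: allow-only, any matching rule allows) and leaves out Network Firewall, which would be a third function of the same shape. All IP ranges, ports and rule numbers are constructed, and only inbound traffic is modeled.

```python
"""Added example: inbound flow evaluation across two independent AWS network
layers (NACL, then Security Group). Addresses and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    protocol: str = "tcp"


# NACL rule: (rule_number, action, protocol, port_from, port_to, source_cidr).
# NACLs are stateless; rules are evaluated in ascending rule-number order and
# the first match decides. With no match, the implicit "*" rule denies.
NACL_INBOUND = [
    (100, "deny", "tcp", 0, 65535, "198.51.100.0/24"),  # constructed blocklisted range
    (200, "allow", "tcp", 443, 443, "0.0.0.0/0"),       # public HTTPS
    (210, "allow", "tcp", 22, 22, "10.0.0.0/8"),        # SSH only from inside the VPC range
]

# Security group rule: (protocol, port_from, port_to, source_cidr).
# Security groups are allow-only: a flow is allowed if any rule matches.
SG_INBOUND = [
    ("tcp", 443, 443, "0.0.0.0/0"),
    ("tcp", 22, 22, "10.0.10.5/32"),  # constructed bastion host address
]


def _matches(flow, protocol, port_from, port_to, cidr):
    """True if the flow falls inside one rule's protocol, port range and CIDR."""
    return (flow.protocol == protocol
            and port_from <= flow.dst_port <= port_to
            and ip_address(flow.src_ip) in ip_network(cidr))


def nacl_verdict(flow, rules=NACL_INBOUND):
    """First matching rule (lowest rule number) decides; no match means deny."""
    for _number, action, proto, port_from, port_to, cidr in sorted(rules):
        if _matches(flow, proto, port_from, port_to, cidr):
            return action == "allow"
    return False  # implicit "*" deny rule


def sg_verdict(flow, rules=SG_INBOUND):
    """Any matching allow rule admits the flow; otherwise it is dropped."""
    return any(_matches(flow, *rule) for rule in rules)


def evaluate(flow):
    """Return (allowed, deciding_layer). The flow must pass every layer;
    the first layer that denies it ends the evaluation."""
    for name, layer in (("nacl", nacl_verdict), ("security_group", sg_verdict)):
        if not layer(flow):
            return False, name
    return True, "all_layers"


if __name__ == "__main__":
    for f in (Flow("203.0.113.7", 443), Flow("198.51.100.9", 443),
              Flow("10.0.20.9", 22), Flow("10.0.10.5", 22), Flow("203.0.113.7", 22)):
        print(f, "->", evaluate(f))
```

The second and third sample flows make the defense-in-depth point: the blocklisted source is stopped at the NACL even though the Security Group would have admitted it on port 443, and the in-VPC host is admitted by the NACL on port 22 but stopped at the Security Group because it is not the bastion. A real NACL also needs outbound rules for ephemeral return ports, which this inbound-only model omits.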

⚠️ Exam Trap: When an exam question asks for "the MOST secure" approach, favor answers that implement controls at multiple layers over answers that implement a single strong control. AWS always prefers defense-in-depth.

Scenario: A developer requests AdministratorAccess to deploy a Lambda function. Applying least privilege, you determine the function only needs lambda:CreateFunction, iam:PassRole for a specific execution role, and s3:GetObject on the deployment bucket.
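The two policy shapes contrasted above (s3:* on * versus s3:GetObject on one bucket ARN) and the developer scenario's three-permission deployment policy are written out below as IAM policy documents, together with a small linter that flags the least-privilege violations the text calls out and a simplified evaluator that shows how much each policy actually grants. This is an added example, not code from MindMesh Academy or AWS: the bucket, account and role names are constructed placeholders, the Lambda function ARN pattern and the iam:PassedToService condition are choices made for this example, and the evaluator considers only Allow statements (no Deny, conditions, SCPs or permissions boundaries).

```python
"""Added example: over-broad versus least-privilege IAM policies for the
Lambda scenario, with a linter and a simplified allow-only evaluator.
All ARNs and account numbers are constructed placeholders."""
from fnmatch import fnmatchcase

DEPLOY_BUCKET_ARN = "arn:aws:s3:::example-deploy-bucket"                 # constructed
EXEC_ROLE_ARN = "arn:aws:iam::123456789012:role/example-lambda-exec"      # constructed
FUNCTION_ARN_PATTERN = "arn:aws:lambda:us-east-1:123456789012:function:example-*"  # constructed

# Equivalent of the AdministratorAccess managed policy: every action on everything.
ADMIN_EQUIVALENT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# The "s3:* on *" grant the text warns about: every S3 action on every bucket.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

# Least-privilege execution role: one action, the objects of one bucket.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                   "Resource": f"{DEPLOY_BUCKET_ARN}/*"}],
}

# The developer's deployment permissions from the scenario: create functions
# (scoped to a name pattern), pass only the one execution role and only to
# Lambda, and read only the deployment bucket.
DEVELOPER_DEPLOY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "lambda:CreateFunction",
         "Resource": FUNCTION_ARN_PATTERN},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": EXEC_ROLE_ARN,
         "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": f"{DEPLOY_BUCKET_ARN}/*"},
    ],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalize to a list."""
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy):
    """Return (statement_index, reason) findings for Allow statements that
    violate least privilege in the ways the text describes."""
    findings = []
    for idx, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions:
            findings.append((idx, "Action '*' grants every API call"))
        for action in actions:
            if action.endswith(":*"):
                findings.append((idx, f"service-wide wildcard action {action}"))
        if "*" in resources:
            findings.append((idx, "Resource '*' applies to every resource"))
        if "iam:PassRole" in actions and "Condition" not in stmt:
            findings.append((idx, "iam:PassRole without a Condition limiting the target service"))
    return findings


def is_allowed(policy, action, resource):
    """Simplified evaluation: True if any Allow statement matches both the
    action (case-insensitive, '*'/'?' wildcards) and the resource ARN.
    Deny statements and conditions are deliberately not modeled."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatchcase(action.lower(), pattern.lower())
                        for pattern in _as_list(stmt.get("Action", [])))
        resource_ok = any(fnmatchcase(resource, pattern)
                          for pattern in _as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False


if __name__ == "__main__":
    for name, policy in (("admin", ADMIN_EQUIVALENT_POLICY), ("overbroad", OVERBROAD_POLICY),
                         ("least-privilege", LEAST_PRIVILEGE_POLICY),
                         ("developer", DEVELOPER_DEPLOY_POLICY)):
        print(name, find_overbroad_statements(policy))
```

Running the linter against the first two policies reports the wildcard action and resource; the least-privilege and developer policies come back clean. The evaluator makes the blast radius concrete: the over-broad policy lets the function delete an unrelated bucket, while the least-privilege policy permits only reads of objects in the deployment bucket, which is exactly the difference the reflection question is asking about.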

Reflection Question: Why does granting AdministratorAccess for a specific task violate least privilege even if the developer is trusted?

Written by Alvin Varughese, Founder, 15 professional certifications