SAP-C02 - Design for New Solutions - Section 2.3
Determine security controls for a new solution that enforce least privilege with IAM roles, scoped resource policies, security groups, network ACLs and VPC endpoints.
Apply least-privilege access to a new solution by scoping IAM roles, resource-based policies, security groups, and network ACLs to the minimum required permissions. Use VPC endpoints to keep traffic off the public internet and avoid broad principal wildcards in resource policies.
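The check below is an added example, not part of the original page: it reads a resource-based policy and flags Allow statements with a wildcard principal unless a positive condition such as aws:SourceVpce (a VPC endpoint) narrows them. The sample policy, account ID, role name, bucket and endpoint ID are constructed, and the set of condition keys treated as scoping is an assumption of this example.

```python
import json

# Global condition keys that can narrow a wildcard principal (compared lowercase).
SCOPING_KEYS = {"aws:sourcevpce", "aws:sourcevpc", "aws:principalorgid",
                "aws:principalarn", "aws:principalaccount",
                "aws:sourcearn", "aws:sourceaccount"}
# Only positive-match operators narrow an Allow; negated and IfExists forms do not.
SCOPING_OPS = {"StringEquals", "StringLike", "ArnEquals", "ArnLike"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def has_wildcard_principal(stmt):
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"

def is_scoped(stmt):
    for op, keys in stmt.get("Condition", {}).items():
        if op in SCOPING_OPS and any(
                k.lower() in SCOPING_KEYS and "*" not in as_list(v)
                for k, v in keys.items()):
            return True
    return False

def find_open_statements(policy):
    """Return the Sid (or index) of each Allow statement open to any principal."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    return [stmt.get("Sid", f"statement[{i}]")
            for i, stmt in enumerate(as_list(doc.get("Statement", [])))
            if stmt.get("Effect") == "Allow"
            and has_wildcard_principal(stmt) and not is_scoped(stmt)]

# Constructed sample bucket policy (account ID, role, bucket and endpoint ID are made up).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpceOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "RoleScoped", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app-role"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "NegatedCondition", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
]}

if __name__ == "__main__":
    print(find_open_statements(SAMPLE_POLICY))
```

The statement with a StringNotEquals condition is still flagged because a negated match on the endpoint ID admits every request that does not come through that endpoint.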
Least privilege, Security groups, VPC endpoints, Resource policies
Examworthy is not affiliated with or endorsed by Amazon Web Services. Original, blueprint-aligned practice material only.