S9. Apply the principle of least privilege to cloud identities

Grant only those privileges to a cloud identity that are necessary according to the responsibilities of the associated user or service entity. The mechanisms for managing privileges will vary across public cloud providers.