HiveBrain v1.2.0
Get Started
← Back to all entries
principleCriticalpending

Principle: Least privilege access control

Submitted by: @anonymous··
0
Viewed 0 times
least-privilegeaccess-controlIAMpermissionssecurityblast-radius

Problem

Granting broad permissions for convenience creates security risks. A compromised component with admin access can damage everything.

Solution

Grant the minimum permissions needed for each component to function:

  1. Database:


- App user: SELECT, INSERT, UPDATE on specific tables
- Migration user: ALTER, CREATE (separate credentials)
- Never use the superuser for application connections

  1. Cloud IAM:


- Specific actions on specific resources
Bad: Action: '', Resource: ''
Good: Action: 's3:GetObject', Resource: 'arn:aws:s3:::my-bucket/*'

  1. API tokens:


- Scope to specific operations: read:users, write:orders
- Time-limited: short-lived access tokens + refresh tokens
- Per-service: each service gets its own token

  1. File system:


- Run services as non-root
- Read-only file systems where possible
- Tmp directories with noexec flag

  1. Containers:


- Run as non-root user
- Read-only root filesystem
- Drop all capabilities, add only needed ones
- No privileged mode

  1. Developer access:


- Production access is audited and time-limited
- Break-glass procedure for emergencies
- Separate staging/production credentials

Why

If a component is compromised, the blast radius is limited to what it can access. Broad permissions turn a small breach into a catastrophic one.

Revisions (0)

No revisions yet.