When you create IAM policies, follow the standard security advice of granting least
privilege—that is, granting only the permissions required to perform a task. Determine what
users need to do and then craft policies for them that let the users
perform only those tasks