Least Privilege approach is to give users as many rights as possible and revoke back after.

Which IAM Entity is ideal for AWS services that need to make calls to other AWS services on your behalf?

What is required to make programmatic calls to AWS using AWS CLI, the AWS SDKs, or direct HTTPS calls using the APIs for individual services?

Which type of identity-based policy provides a more precise access control and can be attached to multiple entities?

if policies that apply to a request include an Allow statement and a Deny Statement, the allow statement supercedes the Deny Statement

An implicit denial occurs when there is no applicable Deny statement but also no applicable Allow statement.

Which type of identity-based policy maintains a strict one-to-one relationship between the policy and the principal entity that it's applied to?