Security concept where users and systems are given only the minimum access needed to perform their tasks. Like giving employees keys only to the rooms they need to do their jobs.
A Lambda function that reads from S3 is given only s3:GetObject permission on the specific bucket it needs, not admin access to all AWS resources.
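The Lambda example above, as an added check that is not part of the original entry: it compares an admin-style IAM policy with one scoped to s3:GetObject on a single bucket and reports every Allow grant that goes beyond what the task needs. The bucket name, both policy documents and the function names are constructed for illustration.

```python
# Added example, not from the original page. Bucket name and policies are constructed.
BUCKET = "example-reports-bucket"  # hypothetical bucket the function reads from

ADMIN_POLICY = {  # the "admin access to all AWS resources" case
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
SCOPED_POLICY = {  # only s3:GetObject on objects in the one bucket
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}

def as_list(value):
    """IAM accepts either a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def overbroad_findings(policy, needed_actions, bucket):
    """List (statement index, reason) for every Allow grant beyond the task."""
    needed = {a.lower() for a in needed_actions}  # action names are case-insensitive
    prefix = f"arn:aws:s3:::{bucket}/"
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "Allow with NotAction/NotResource"))
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append((i, f"wildcard action: {action}"))
            elif action.lower() not in needed:
                findings.append((i, f"unneeded action: {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            if not resource.startswith(prefix):
                findings.append((i, f"resource outside bucket objects: {resource}"))
    return findings

if __name__ == "__main__":
    for name, policy in (("admin", ADMIN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, overbroad_findings(policy, {"s3:GetObject"}, BUCKET))
```

The prefix test ends in a slash on purpose, so a resource such as arn:aws:s3:::example-reports-bucket* (which would also match other buckets sharing that name prefix) is reported.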