Security concept where users and systems are given only the minimum access needed to perform their tasks. Like giving employees keys only to the rooms they need to do their jobs.
A Lambda function that reads from S3 is given only s3:GetObject permission on the specific bucket it needs, not admin access to all AWS resources.
All four clouds enforce least privilege primarily through their IAM systems: you grant identities (users, groups, roles, service accounts) only the specific permissions needed, scoped to the smallest practical set of resources.