General guidelines for web app security in the cloud.
Assign only the permissions that are required to get the job done. Also use an infrastructure as code (IaC) tool such as Terraform to track changes to your infrastructure; this helps prevent human error and, when an error does happen, makes it easy to track down.
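The two guidelines can be combined into a review step. The following is an added example, not part of the original page: it reads a Terraform plan exported as JSON (`terraform show -json <planfile>`) and reports IAM policies about to be created or changed that grant wildcard permissions. The AWS provider, the resource names and the sample plan are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource addresses and the bucket ARN are made up for this example.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_iam_policy.app_read", "type": "aws_iam_policy",
     "change": {"actions": ["create"], "after": {"policy": json.dumps({
         "Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                        "Resource": "arn:aws:s3:::example-app-assets/*"}]})}}},
    {"address": "aws_iam_policy.app_admin", "type": "aws_iam_policy",
     "change": {"actions": ["update"], "after": {"policy": json.dumps({
         "Version": "2012-10-17",
         "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}})}}},
    {"address": "aws_iam_policy.old", "type": "aws_iam_policy",
     "change": {"actions": ["delete"], "after": None}},
]})

# AWS provider resource types that carry an inline JSON `policy` attribute.
POLICY_TYPES = {"aws_iam_policy", "aws_iam_role_policy",
                "aws_iam_user_policy", "aws_iam_group_policy"}

def _as_list(value):
    """IAM allows a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_overbroad(plan_json):
    """Return (address, field, value) for each wildcard grant in planned policies."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        # Skip other resource types, deletions, and policies unknown until apply.
        if rc.get("type") not in POLICY_TYPES or not after or not after.get("policy"):
            continue
        for stmt in _as_list(json.loads(after["policy"]).get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            for action in _as_list(stmt.get("Action")):
                # "*" or "service:*" grants more than the specific operation needed.
                if action == "*" or action.endswith(":*"):
                    findings.append((rc["address"], "Action", action))
            for resource in _as_list(stmt.get("Resource")):
                if resource == "*":
                    findings.append((rc["address"], "Resource", resource))
    return findings

if __name__ == "__main__":
    for address, field, value in find_overbroad(SAMPLE_PLAN):
        print(f"{address}: {field} {value!r} is broader than least privilege")
```

Run against the plan in code review or CI, this surfaces an over-broad grant before it is applied, while the Terraform history records who introduced it.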