How do you achieve true least-privilege access in AWS?

a thread (and quick demo of a tool I'm building) ⬇️ 1/ Nearly every team I've worked with @exponent_dev has had extremely permissive @awscloud IAM permissions. I've been granted AdministratorAccess scarily regularly.