A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers that the principle of least privilege is not being a...

A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers that the principle of least privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.
What should a solutions architect do to correct this issue?