diff --git a/docs/4-cloud-computing/4.2.2-ec2.md b/docs/4-cloud-computing/4.2.2-ec2.md
index 0969efe5..ad46ad61 100644
--- a/docs/4-cloud-computing/4.2.2-ec2.md
+++ b/docs/4-cloud-computing/4.2.2-ec2.md
@@ -47,6 +47,8 @@ Through these steps you will build two servers on AWS, one as a Jenkins controll
 
    - This security group is where you will handle port forwarding
 
+> When you're creating a security group, it's important to be mindful of what traffic you're allowing. You should always follow the [Principle of Least Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege) when deciding what traffic you should allow to your instance to reduce the risk of unauthorized users accessing it, even in small-scale projects and exercises like this. In other words, your security groups should always only allow traffic from those who *need* to access your instance.
+
 3. Create a Jenkins controller (*master*) instance and make of note of the Instance ID and Public DNS name.
 
    - Find a CentOS AMI on the marketplace.