A company is developing an AI solution on AWS that involves multiple departments, including Data Science, DevOps, and Business Analytics. Each department requires specific permissions to AWS services but must not access resources outside its scope. What is the best way to enforce least-privilege access across all departments?