A company uses the AWS Well-Architected Tool to review its workloads and identify improvements. After performing a review, the company receives a recommendation to improve its security posture by implementing least-privilege access for its IAM policies. Which feature of AWS IAM can the company use to analyze and validate their IAM policies to ensure they are following least-privilege best practices?