A company implements access control by creating different policies for different job functions. These policies are attached to IAM roles/groups with the minimum permissions necessary for each job function. Up until this point, the solution has been functioning effectively. However, as the business expands, the administrator has to frequently update the existing policies to allow access to new resources. Which of the following solutions can make the access control applicable to all new resources without the need to update the policies?