During a security review, the Cloud Ninjas team discovered overly permissive IAM policies in their serverless application. A solutions architect needs to identify the minimum required permissions for hundreds of Lambda functions with broad access to S3 and DynamoDB to comply with security best practices with the LEAST amount of effort. What should the solutions architect do?