A healthcare startup is deploying an AWS-based analytics platform that processes sensitive patient records. The application backend uses Amazon RDS for structured data and Amazon S3 for storing medical files. S3 Event Notifications trigger AWS Lambda for real-time data classification and alerting. The startup uses AWS IAM Identity Center to manage federated access from their enterprise directory. Development, operations, and compliance teams require granular and secure access to RDS and S3 resources, based strictly on their job roles. The company must follow the principle of least privilege while minimizing manual administrative work. Which solution should the company implement to meet these requirements with the least operational overhead?
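The scenario above turns on scoping each team's access to only the S3 prefixes and RDS database users its job role needs. The block below is an added illustration, not part of the original question and not an answer key: it generates one least-privilege policy document per team (S3 object access limited to the team's key prefixes, `s3:ListBucket` limited by an `s3:prefix` condition, and RDS IAM database authentication limited to named `rds-db:connect` database-user ARNs) and then evaluates sample requests against those documents with a default-deny check. The account ID, Region, bucket name, key prefixes, RDS resource ID and database-user names are constructed assumptions; in a real deployment documents like these would be attached to IAM Identity Center permission sets that are assigned to the corresponding directory groups.

```python
"""Per-team least-privilege policy generation for the S3 + RDS scenario.

Added example; every identifier below is a constructed assumption.
"""
import fnmatch
import json

# Constructed identifiers (assumptions, not taken from the original question).
ACCOUNT = "111122223333"
REGION = "us-east-1"
BUCKET = "example-medical-files"
RDS_RESOURCE_ID = "db-ABCDEFGHIJKLMNOPQRSTUVWXY"  # assumed RDS DbiResourceId

# Job role -> S3 key prefixes, allowed object actions, and RDS IAM-auth database users.
TEAM_SCOPE = {
    "dev": {
        "prefixes": ["dev/"],
        "object_actions": ["s3:GetObject", "s3:PutObject"],
        "db_users": ["dev_rw"],
    },
    "ops": {
        "prefixes": ["dev/", "prod/"],
        "object_actions": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "db_users": ["ops_admin"],
    },
    "compliance": {
        "prefixes": ["prod/", "audit/"],
        "object_actions": ["s3:GetObject"],
        "db_users": ["compliance_ro"],
    },
}


def rds_connect_arn(db_user: str) -> str:
    """Resource ARN that rds-db:connect is authorised against for one database user."""
    return f"arn:aws:rds-db:{REGION}:{ACCOUNT}:dbuser:{RDS_RESOURCE_ID}/{db_user}"


def build_policy(team: str) -> dict:
    """Return an IAM policy document granting only what TEAM_SCOPE lists for `team`."""
    scope = TEAM_SCOPE[team]
    statements = [
        {
            # Listing is allowed on the bucket only for the team's own prefixes.
            "Sid": "ListOwnPrefixesOnly",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": f"arn:aws:s3:::{BUCKET}",
            "Condition": {"StringLike": {"s3:prefix": [p + "*" for p in scope["prefixes"]]}},
        },
        {
            # Object-level actions are scoped to object ARNs under those prefixes.
            "Sid": "ObjectAccessInOwnPrefixes",
            "Effect": "Allow",
            "Action": scope["object_actions"],
            "Resource": [f"arn:aws:s3:::{BUCKET}/{p}*" for p in scope["prefixes"]],
        },
        {
            # RDS IAM database authentication: connect only as the team's database users.
            "Sid": "RdsIamAuthAsOwnDbUser",
            "Effect": "Allow",
            "Action": "rds-db:connect",
            "Resource": [rds_connect_arn(u) for u in scope["db_users"]],
        },
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Default-deny check: True only if some Allow statement matches both the
    action and the resource using IAM-style wildcards. Conditions are not
    evaluated here, so the ListBucket prefix condition is outside this check."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(fnmatch.fnmatchcase(action, a) for a in actions) and any(
            fnmatch.fnmatchcase(resource, r) for r in resources
        ):
            return True
    return False


if __name__ == "__main__":
    for team in TEAM_SCOPE:
        print(f"--- {team} ---")
        print(json.dumps(build_policy(team), indent=2))
```

The evaluator is deliberately minimal (no Deny statements, no condition evaluation, no cross-policy merging), which is enough to show that a developer's document cannot reach the compliance prefix or the ops database user even though all three teams share one bucket and one RDS instance. The same per-role scoping can be expressed with fewer documents by keying prefixes and database users off a principal tag (ABAC) instead of generating one document per team.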