How do you implement the principle of least privilege using IAM policies in a multi-cloud environment (AWS, GCP, and Azure)?