There are multiple ways to define access to resources within AWS. For instance, permissions for Amazon S3 objects can be configured using a combination of S3 bucket policies, user policies and object ACLs to achieve a complex mix of different access permissions in the same bucket. Please review 'Policies and Permissions within IAM' - https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html & 'Identity and access management in Amazon S3' - https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-access-control.html for more details.
ABAC - Attribute Based Access Control may also be used here. In ABAC, you tag the resources and allow only IAM users with a specific tag to access that resource. For example, you can map Workload A with a tag called "CreatedBy: Team A" and then have the same tag mapped to IAM users of Team A; then only Team A can access Workload A.
Please refer to the following documentation for further details: https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html
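
The ABAC rule described above, written as an identity-based policy. This is an added example and not part of the original answer. It assumes Workload A consists of EC2 instances and that both the instances and the IAM users carry a `CreatedBy` tag; the chosen actions and the `Sid` names are illustrative.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowWhenResourceTagMatchesPrincipalTag",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/CreatedBy": "${aws:PrincipalTag/CreatedBy}"
        }
      }
    },
    {
      "Sid": "DenyChangingTheAccessControlTag",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["CreatedBy"]
        }
      }
    }
  ]
}
```

The second statement keeps users from retagging an instance to move it into or out of their own team's scope. The same care applies to the principal side: users covered by this policy should not be allowed `iam:TagUser` or `iam:UntagUser` on their own identity.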