How can a solutions architect restrict access to certain services or actions across multiple AWS accounts within a large organization, ensuring a scalable and centralized management approach?