An AWS environment is configured with multiple IAM policies that are intended to enforce the principle of least privilege. However, a recent audit revealed that some policies are overly permissive. What steps would you take to interpret the effects of these policies on the environment and workloads, and to correct the over-permissive configurations?