Option B is the correct answer. Creating a security group for each resource and allowing only necessary ports and IP addresses is a best practice for securing resources in AWS. This approach ensures that each resource is only accessible from the required sources, reducing the attack surface and minimizing the risk of unauthorized access. Option A, allowing open access to the internet, is not secure and exposes the resources to potential threats. Option C, relying solely on network ACLs, may not provide the same level of granularity and control as security groups. Option D, enabling unrestricted access, is not recommended and can lead to security vulnerabilities.