Answer: IAM Access Policies

IAM (Identity and Access Management) Access Policies are the primary mechanism for controlling access to AWS resources, including Amazon Bedrock models. These policies define permissions that specify which IAM roles or users can perform specific actions on AWS resources. **Explanation:** - **IAM Access Policies** (Option A): These are JSON documents that define permissions for IAM identities (users, groups, roles) to access AWS resources. They are essential for security and compliance. - **Multi-region replication** (Option B): This is a data replication feature for disaster recovery, not an access control mechanism. - **Trusted Advisor** (Option C): This is an AWS tool that provides best practice recommendations, not an access control mechanism. - **AWS Backup** (Option D): This is a centralized backup service, not related to access control. IAM Access Policies work by: 1. Attaching policies to IAM users, groups, or roles 2. Defining specific actions (like `bedrock:InvokeModel`) that are allowed or denied 3. Specifying the resources (specific Bedrock models) the policy applies to 4. Optionally adding conditions for additional security controls This ensures that only authorized entities can invoke Amazon Bedrock models, maintaining the principle of least privilege.

Author: Ritesh Yadav