AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company operates under a multi-account strategy where one account is managed by the security engineers and another is operated by a separate team responsible for network administration. The security team needs to give the network administration team's account access to a specific Amazon S3 bucket without broadening access to other accounts. Which of the following is the MOST secure way to grant the required access?
Set up a bucket policy that limits access to the S3 bucket based on the source IP range of the network administration team's office location.
Implement a policy for individual users in the security engineers' account that grants permissions to the network administration team.
Edit the S3 bucket's Access Control List (ACL) to include the user identifiers from the team handling network administration.
Attach a resource-based policy directly to the S3 bucket identifying the network administration team's account as the principal with the specified permissions.