A Development team uses AWS CodeCommit for source code control. Developers apply their changes to various feature branches and create pull requests to move those changes to the master branch when they are ready for production. A direct push to the master branch should not be allowed. The team applied the AWS managed policy AWSCodeCommitPowerUser to the Developers’ IAM Rote, but now members are able to push to the master branch directly on every repository in the AWS account. What actions should be taken to restrict this?

A. Create an additional policy to include a deny rule for the codecommit:GitPushaction, and include a restriction for the specific repositories in the resource statement with a condition for the master reference.
B. Remove the IAM policy and add an AWSCodeCommitReadOnlypolicy. Add an allow rule for the codecommit:GitPush action for the specific repositories in the resource statement with a condition for the master reference.
C. Modify the IAM policy and include a deny rule for the codecommit:GitPushaction for the specific repositories in the resource statement with a condition for the master reference.
D. Create an additional policy to include an allow rule for the codecommit:GitPushaction and include a restriction for the specific repositories in the resource statement with a condition for the feature branches reference.