An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants a particular group of IAM users to access only the test instances and not the production ones. They want to deploy the instances in various locations based on the factors that will change from time to time, especially in the test group. They expect instances will often need to be churned, i.e. deleted and replaced, especially in the testing group. This means the five instances they have created now will soon be replaced by a different set of five instances. The members of each group, produc-tion and testing, will not change in the foreseeable future. Given the situation, what choice below is the most efficient and time-saving strategy to define the IAM policy?

A. By creating an IAM policy with a condition that allows access to only small instances
B. By defining the IAM policy that allows access based on the instance ID
C. By launching the test and production instances in separate regions and allowing region wise ac-cess to the group
D. By defining the tags on the test and production team members IAM user IDs, and adding a con-dition to the IAM policy that allows access to specific tags