A company has accounts in an organization in AWS Organizations. The organization has all features enabled. The company stores secrets in AWS Secrets Manager in a central AWS account (Account A). The secrets have resource policies that allow read-only access to IAM roles in an account outside the organization (Account B). A few privileged users in accounts in the organization have access to the secrets by using IAM roles. Because of a security incident, the company needs to revoke all access to the secrets in Account A. Which solution will meet these requirements?