A developer who recently left a company was found to have published many access keys IDs to a public source code repository. A list of the exposed access key IDs has been created. A security engineer needs to quickly identify which users the access key IDs belong to so the credentials can be immediately rotated. The company uses multiple accounts in an AWS Organization. Which approach should the security engineer take?