Option C best meets the requirements by aligning with AWS best practices for data isolation, access control, and scalable GenAI retrieval. Implementing a separate Amazon Bedrock knowledge base for each hotel ensures strict separation of data and permissions. This approach naturally enforces hotel-level access control without requiring complex policy logic or post-query filtering.

A multi-account structure further strengthens security and governance by isolating each hotel’s data plane. AWS recommends account-level isolation for workloads with strong tenancy or compliance boundaries. Hotel staff can be granted access only to their hotel’s account and corresponding knowledge base, eliminating the risk of cross-hotel data exposure.

Direct data ingestion into each knowledge base enables near real-time updates for critical data such as room availability. For information that does not change frequently, scheduled synchronization reduces ingestion cost while maintaining accuracy. This hybrid ingestion model balances freshness and operational efficiency.

Because Amazon Bedrock Knowledge Bases are fully managed, performance remains consistent during peak usage periods without the company managing indexing, scaling, or retrieval infrastructure. Each knowledge base scales independently, preventing noisy-neighbor issues that could arise in a centralized design.

Option A and B rely on a centralized knowledge base, which increases policy complexity and introduces risk of misconfigured access controls. Option D adds unnecessary orchestration complexity and does not inherently solve real-time data freshness requirements.

Therefore, Option C provides the most secure, scalable, and operationally efficient solution for enhancing the PMS with Amazon Bedrock Knowledge Bases.