This is a dedicated watch page for a single video.
A company wants to use AWS Organizations to set up Service control policies (SCPs) for better control over AWS resources used by the teams. The policy should allow access to describe actions on Amazon EC2 instances while denying access to all actions on Amazon S3 buckets. Which of the following is the correct option to include both the requirements into a single SCP?