1 Answers
Hi, it is possible to apply a SCP at your AWS account root level, however it is not recommended.
AWS strongly recommends that you don’t attach SCPs to the root of your organization without thoroughly testing the impact that the policy has on accounts. Instead, create an OU that you can move your accounts into one at a time, or at least in small numbers, to ensure that you don’t inadvertently lock users out of key services. _
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html