* scheme update

providers/provider-family-aws/resources/objects/organization/policy-attachments.yaml

@@ -0,0 +1,43 @@
+apiVersion: organizations.aws.m.upbound.io/v1beta1
+kind: PolicyAttachment
+metadata:
+  name: leave-org-policy-prod
+  namespace: aws-organization
+spec:
+  forProvider:
+    policyIdRef:
+      name: deny-leave-organization
+    targetIdRef:
+      name: production-ou
+  providerConfigRef:
+    name: org-config
+
+---
+apiVersion: organizations.aws.m.upbound.io/v1beta1
+kind: PolicyAttachment
+metadata:
+  name: leave-org-policy-nonprod
+  namespace: aws-organization
+spec:
+  forProvider:
+    policyIdRef:
+      name: deny-leave-organization
+    targetIdRef:
+      name: non-production-ou
+  providerConfigRef:
+    name: org-config
+
+---
+apiVersion: organizations.aws.m.upbound.io/v1beta1
+kind: PolicyAttachment
+metadata:
+  name: region-policy-nonprod
+  namespace: aws-organization
+spec:
+  forProvider:
+    policyIdRef:
+      name: deny-non-approved-regions
+    targetIdRef:
+      name: non-production-ou
+  providerConfigRef:
+    name: org-config