apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: PolicyAttachment
metadata:
  name: leave-org-policy-prod
  namespace: aws-organization
spec:
  forProvider:
    policyIdRef:
      name: deny-leave-organization
    targetIdRef:
      name: production-ou
  providerConfigRef:
    name: org-config

---
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: PolicyAttachment
metadata:
  name: leave-org-policy-nonprod
  namespace: aws-organization
spec:
  forProvider:
    policyIdRef:
      name: deny-leave-organization
    targetIdRef:
      name: non-production-ou
  providerConfigRef:
    name: org-config

---
apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: PolicyAttachment
metadata:
  name: region-policy-nonprod
  namespace: aws-organization
spec:
  forProvider:
    policyIdRef:
      name: deny-non-approved-regions
    targetIdRef:
      name: non-production-ou
  providerConfigRef:
    name: org-config