Terraform, Cloudformation and CDK (AWS Only) can be assigned at any level in the hierarchy. All child accounts inherit the stack.

Example

Organization:
  OrganizationUnits:
      - Name: Production
        Stacks:
            # This stack will be applied to all accounts in the `Production` OU (`Safety Firmware` and `Safety Ingestion Team`).
          - Name: SCPDisableEURegion 
            Path: go/src/cdk/scp
            Type: CDK
        Accounts:
          - Email: safety+firmware@example.app
            AccountName: Safety Firmware
            Stacks:
                # This stack will be applied to `Safety Firmware` account only.
              - Path: tf/safety/firmware_bucket 
                Type: Terraform
                # You can set the region for where you want the resources to be created.
                Region: "us-west-2"
                # Cloudformation Path has to go directly to a cloudformation file.
              - Path: cloudformation/table.yml
                Type: CloudformationParameters 
                # Set Cloudformation Parameters as Key=Value and can be passed in as a list.
                CloudformationParameters:
                  - "HashKeyElementName=Painter" 
                  - "TableName=test" 
                CloudformationCapabilities:
                  - "CAPABILITY_IAM"
          - Email: safety+ingestion@example.app
            AccountName: Safety Ingestion Team
      - Name: Development
        Stacks:
            # This stack will be applied to all accounts in the `Development` OU (`Engineer A`).
          - Name: DevAccount
            Path: go/src/cdk/dev
            Type: CDK
        Accounts:
          - Email: eng1@example.app
            AccountName: Engineer A

Stacks

Stacks can be assigned to Accounts and OrganizationUnitss. Stacks assigned to OrganizationUnits will be applied to all child Accounts. A Stack is a collection of resources that you can manage as one block in YAML.

Stacks:
  - Path:  # (Required) Path to CDK or Terraform project. This must be a directory.
    Type:  # (Required) "CDK", "Terraform", or "Cloudformation".
    Name:  # (Optional) Name of the Stack to filter on with --stacks.
    AssumeRoleName:  # (Optional) Force the stack to use a specific role when applying a stack. The default role is the account's `AssumeRoleName` which is typically the `OrganizationAccountAccessRole`.
    Region: # (Optional) What region the stack's resources will be provisioned in. Region can be a comma separated list of regions or "all" to apply to all regions in an account.
    Workspace: # (Optional) Specify a Terraform workspace to use. 
    CloudformationParameters: # (Optional) A list of parameters to pass into the cloudformation stack.
    CloudformationCapabilities: # (Optional) A list of capabilities to pass into the cloudformation stack the only valid values are (CAPABILITY_IAM | CAPABILITY_NAMED_IAM | CAPABILITY_AUTO_EXPAND).
Manage AWS OrganizationsService Control Policies