diff --git a/terragrunt/org_account/organization/organizations.tf b/terragrunt/org_account/organization/organizations.tf
index fe8bf49d..e489fada 100644
--- a/terragrunt/org_account/organization/organizations.tf
+++ b/terragrunt/org_account/organization/organizations.tf
@@ -58,6 +58,17 @@ resource "aws_organizations_policy_attachment" "Sandbox-cds_snc_universal_guardr
 target_id = aws_organizations_organizational_unit.Sandbox.id
 }
+resource "aws_organizations_policy_attachment" "Sandbox-PreventEC2Creation" {
+ policy_id = aws_organizations_policy.block_ec2.id
+ target_id = aws_organizations_organizational_unit.Sandbox.id
+}
+
+
+resource "aws_organizations_policy_attachment" "767397971970-PreventEC2Creation" {
+ policy_id = aws_organizations_policy.block_ec2.id
+ target_id = "767397971970"
+}
+
 resource "aws_organizations_organizational_unit" "Security" {
 name = "Security"
diff --git a/terragrunt/org_account/organization/scp.tf b/terragrunt/org_account/organization/scp.tf
index e9259334..045790a3 100644
--- a/terragrunt/org_account/organization/scp.tf
+++ b/terragrunt/org_account/organization/scp.tf
@@ -157,3 +157,23 @@ resource "aws_organizations_policy" "cds_snc_universal_guardrails" {
 type = "SERVICE_CONTROL_POLICY"
 content = data.aws_iam_policy_document.cds_snc_universal_guardrails.json
 }
+
+
+data "aws_iam_policy_document" "block_ec2" {
+ statement {
+ sid = "PreventEC2Creation"
+ effect = "Deny"
+ actions = [
+ "ec2:RunInstances",
+ ]
+ resources = [
+ "*",
+ ]
+ }
+}
+
+resource "aws_organizations_policy" "block_ec2" {
+ name = "Block EC2 Creation"
+ type = "SERVICE_CONTROL_POLICY"
+ content = data.aws_iam_policy_document.block_ec2.json
+}
\ No newline at end of file
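Review bot: The second attachment is named `"767397971970-PreventEC2Creation"`, and a Terraform resource name must start with a letter or underscore, so `terraform validate` should reject this block with "Invalid resource name" before it ever reaches plan. The bare account ID is also repeated as a string literal in `target_id`, which leaves no record of which account this is or why it gets a direct attachment on top of the Sandbox OU one (if it sits inside that OU the second attachment is redundant; if it sits elsewhere, that is worth a comment). Rename the resource and hoist the ID into a documented local so the intent survives, e.g. `locals { ec2_blocked_account_id = "767397971970" # <account name>: direct SCP attachment, see <ticket> }` and `resource "aws_organizations_policy_attachment" "account_767397971970-PreventEC2Creation" { policy_id = aws_organizations_policy.block_ec2.id target_id = local.ec2_blocked_account_id }`.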
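Review bot: The new `block_ec2` SCP denies only `ec2:RunInstances`, which stops direct launches but not the other paths that end in a running instance: `ec2:RequestSpotInstances`, `ec2:RequestSpotFleet` and `ec2:CreateFleet` are separate actions, and EC2 Auto Scaling launches through its service-linked role, which SCPs do not constrain, so a launch template plus an Auto Scaling group would still bring up compute in Sandbox. If the guardrail's goal is "no EC2 compute at all" rather than "no manual RunInstances", widen `actions` to `["ec2:RunInstances", "ec2:RequestSpotInstances", "ec2:RequestSpotFleet", "ec2:CreateFleet"]` and consider a matching deny on `autoscaling:CreateAutoScalingGroup`; either way a header comment stating the intended scope (`# Deny direct EC2 launches in Sandbox; does not cover Auto Scaling (service-linked role)`) would keep the next reader from assuming more than the policy enforces. The file is also left without a trailing newline, which `terraform fmt` will keep flagging.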