We're going to proceed step by step through creating an SCP and adding it to an OU.

You're going to need the ID of the OU in question; you can fetch it from the organization's web console or use the CLI. It will look something like this:

 ou-bmdw-omzypry7

We'll be preparing a policy document as well. In this example, we're going to add an SCP to the Sudden Valley OU to allow access to EC2 and S3. Here's what our SCP looks like:

{ 
    "Version":"2012-10-17", 
    "Statement":[ 
        { 
            "Effect":"Allow", 
            "Action":["EC2:*","S3:*"], 
            "Resource":"*" 
        } 
    ] 
}