Feature: New Docs for account setup

[Benbentwo]

This pull request updates the AWS accounts deployment guide and related workflow examples to improve clarity, accuracy, and alignment with the current reference architecture. The changes modernize the step-by-step instructions, clarify the use of instanced components, and update workflow commands and file references to match the latest best practices.

Documentation and workflow improvements:

• Updated the deployment guide table and step-by-step instructions to reflect the use of Atmos workflows for deploying the AWS Organization, Organizational Units, Service Control Policies, and account settings, replacing older manual or monolithic approaches. [1] [2] [3]
• Clarified that each AWS account and organizational unit is managed as a separate instanced component, with shared defaults and outputs, and updated example commands to match this pattern.
• Replaced manual Terraform import instructions for the AWS Organization with an automated workflow, and added verification steps to ensure the organization is adopted correctly.
• Added a new step and workflow for deploying Service Control Policies (SCPs), including an additional policy to deny IAM user creation, and updated the corresponding workflow YAML. [1] [2] [3]
• Updated references and workflow names for deploying account settings to match the new naming conventions (aws-account-settings). [1] [2]

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0949bdfb02

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Move the initial aws-account plan after OU deployment

This checklist now tells readers to run atmos terraform plan aws-account/core-artifacts -s core-gbl-root before the organization and OU workflows have run, but the same page later says the aws-account/* components read OU IDs from aws-organizational-unit/* via !terraform.state (docs/layers/accounts/deploy-accounts.mdx, lines 84-88). On a fresh quickstart setup there is no OU state yet, so this "validation" step will fail and block the documented flow instead of helping users verify their account config.

Useful? React with 👍 / 👎.