This article will help you to understand how you can deal with variance in your AWS Organization
When defining your AWS accounts using this solution you can specify accounts one-by-one or you can specify an OU. There are many instances where customers would like to generally refer to an OU but have a single account (or two) within the OU that they would like to treat differently.
When you describe an OU you can additionally describe an account that is within the OU so long as you added an overwrite or append attribute:
You can use the role:special and role:also-special tags in your actions to target these accounts.
If you have many exceptions using append or overwrite can become cumbersome or you may want to use AWS Organizations account tags for other reasons. To use AWS Organizations account tags you add the attribute organizations_account_tags to the account section - you can add this to accounts and to OUs. When you add it, you must specify a value:
ignore - this is the default. Setting ignore means you will ignore AWS Organizations tags
honour - this means any tags you specify in AWS Organizations will REPLACE the tags you provide in the manifest
append - this means any tags you specify in AWS Organizations will APPEND the tags you provide in the manifest
You can use the append and overwrite described in the section above in conjunction with organizations_account_tags. If you do the organizations_account_tags will take affect first and then append or overwrite will affect the tags from AWS Organizations.