I get an AccessDeniedException when trying to attach an S3 policy at the organization level. I can't really find any relevant info online regarding this.
```hcl
# Account that runs Terraform; referenced below as the attachment target.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "block_s3_insecure_http_access" {
  # dome9 requirement - disallow all insecure (non-TLS) access to S3
  statement {
    # No principals block here: an SCP is evaluated for every principal in the
    # target account and Organizations rejects documents with a Principal element.
    effect = "Deny"

    actions = [
      "s3:*",
    ]

    resources = [
      "arn:aws:s3:::*",
    ]

    # aws:SecureTransport is "false" for plain HTTP requests.
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values = [
        "false",
      ]
    }
  }
}

# type defaults to SERVICE_CONTROL_POLICY when not set.
resource "aws_organizations_policy" "block_s3_insecure_http_access" {
  name    = "block s3 insecure http access"
  content = data.aws_iam_policy_document.block_s3_insecure_http_access.json
}

# Attaches the SCP to the account running Terraform. Note that SCPs never
# restrict the organization's management account, so attaching there has no effect.
resource "aws_organizations_policy_attachment" "block_s3_insecure_http_access" {
  policy_id = aws_organizations_policy.block_s3_insecure_http_access.id
  target_id = data.aws_caller_identity.current.account_id
}
```
```text
aws_organizations_policy.block_s3_insecure_http_access: Creating...
╷
│ Error: error creating Organizations Policy (block s3 insecure http access): AccessDeniedException: You don't have permissions to access this resource.
│
│   with aws_organizations_policy.block_s3_insecure_http_access,
│   on organization.tf line 26, in resource "aws_organizations_policy" "block_s3_insecure_http_access":
│   26: resource "aws_organizations_policy" "block_s3_insecure_http_access" {
│
╵
Releasing state lock. This may take a few moments...
Exited with code exit status 1
```
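As an added illustration (not the questioner's code), the script below checks the preconditions an SCP create/attach depends on: the caller is the organization's management account, the SERVICE_CONTROL_POLICY type is enabled on the root, and the policy document carries no Principal element. It runs against constructed sample responses shaped like `aws sts get-caller-identity`, `aws organizations describe-organization` and `aws organizations list-roots`; the account and root ids are placeholders, and delegated-administrator accounts are assumed not to be in use.

```python
# Constructed sample API responses (ids are placeholders, not real accounts).
CALLER_IDENTITY = {"Account": "111111111111",
                   "Arn": "arn:aws:iam::111111111111:user/terraform"}
ORGANIZATION = {"Organization": {"Id": "o-example", "MasterAccountId": "222222222222"}}
ROOTS = {"Roots": [{"Id": "r-abcd",
                    "PolicyTypes": [{"Type": "SERVICE_CONTROL_POLICY",
                                     "Status": "ENABLED"}]}]}

# The SCP body from the question as Terraform would render it, including the
# Principal element that the principals{} block produces.
SCP_DOC = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::*",
    "Principal": {"AWS": "*"},
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}


def _statements(doc):
    stmts = doc["Statement"]
    return [stmts] if isinstance(stmts, dict) else stmts


def diagnose(caller, organization, roots, scp_doc):
    """Return human-readable reasons why creating/attaching this SCP would fail."""
    findings = []
    mgmt = organization["Organization"]["MasterAccountId"]
    if caller["Account"] != mgmt:
        findings.append(f"caller account {caller['Account']} is not the "
                        f"management account {mgmt}")
    enabled = {pt["Type"] for root in roots["Roots"]
               for pt in root["PolicyTypes"] if pt["Status"] == "ENABLED"}
    if "SERVICE_CONTROL_POLICY" not in enabled:
        findings.append("SERVICE_CONTROL_POLICY is not enabled on the root")
    for i, stmt in enumerate(_statements(scp_doc)):
        for key in ("Principal", "NotPrincipal"):
            if key in stmt:
                findings.append(f"statement {i}: SCPs do not support {key}")
    return findings


def enforces_tls(scp_doc):
    """True if some statement denies S3 access when aws:SecureTransport is false."""
    for stmt in _statements(scp_doc):
        cond = stmt.get("Condition", {}).get("Bool", {})
        if stmt.get("Effect") == "Deny" and cond.get("aws:SecureTransport") == "false":
            return True
    return False


if __name__ == "__main__":
    for finding in diagnose(CALLER_IDENTITY, ORGANIZATION, ROOTS, SCP_DOC):
        print("finding:", finding)
```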