You need to combine the following 2 features to accomplish this:
- AWS Organizations
- Service Control Policies (SCPs)
By using Organizations, you can create accounts and allocate resources, group accounts to organize your workflows, apply policies for governance, and simplify billing by using a single payment method for all of your accounts.
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for the IAM users and IAM roles in your organization.
In summary, to automate the process of creating new AWS accounts and prevent users from creating EC2 instances thereafter, you can leverage AWS Organizations along with Service Control Policies (SCPs) to define policies to control the actions of each account, so as to effectively prevent resource creation.