Use terraform aws_organizations_organizational_units data sources from a AWS sub account

Right now I can use below terraform data source from AWS organization root account. Can we use the same from Organization member account? or is there any other data source for this?

<!-- begin snippet: js hide: false console: true babel: false -->

<!-- language: lang-html -->

data "aws_organizations_organization" "org" {}

data "aws_organizations_organizational_units" "root" {
  parent_id = data.aws_organizations_organization.org.roots[0].id
}

data "aws_organizations_organizational_units" "sub_ous" {
  parent_id = data.aws_organizations_organizational_units.root.children[0].id
}


output "root_ou" {
  value = data.aws_organizations_organizational_units.root
}

output "sub_ous" {
  value = data.aws_organizations_organizational_units.sub_ous
}



Outout:

root_ou = {
  "children" = tolist([
    {
      "arn" = "arn:aws:organizations::xxxxxxxxxx:ou/o-xxxxxxxx/ou-xxxx-xxxxxxxx"
      "id" = "ou-xxxx-xxxxxxx"
      "name" = "org-root"
    },
  ])
  "id" = "r-xxxx"
  "parent_id" = "r-xxxx"
}

sub_ous = {
  "children" = tolist([
    {
      "arn" = "arn:aws:organizations::xxxxxxxxxxxx:ou/o-xxxxxxxxxx/ou-xxxx-xxxxxxxxxx"
      "id" = "ou-xxxx-xxxx"
      "name" = "OU1"
    },
    {
      "arn" = "arn:aws:organizations::xxxxxxxxxxxx:ou/o-xxxxxxxxxx/ou-xxxx-xxxxxxxxxx"
      "id" = "ou-xxxx-xxxx"
      "name" = "OU2"
    },
    {
      "arn" = "arn:aws:organizations::xxxxxxxxxxxx:ou/o-xxxxxxxxxx/ou-xxxx-xxxxxxxxxx"
      "id" = "ou-xxxx-xxxx"
      "name" = "OU3"
    },
    {
      "arn" = "arn:aws:organizations::xxxxxxxxxxxx:ou/o-xxxxxxxxxx/ou-xxxx-xxxxxxxxxx"
      "id" = "ou-xxxx-xxxx"
      "name" = "OU4"
    },
  ])
  "id" = "ou-xxxx-xxxx"
  "parent_id" = "ou-xxxx-xxxxxxx"
}

<!-- end snippet -->

I tried to run the same from a member account. It seems not working. It returns:

<!-- begin snippet: js hide: false console: true babel: false -->

<!-- language: lang-html -->

╷
│ Error: Attempt to index null value
│
│   on main.tf line 6, in data "aws_organizations_organizational_units" "root":
│    6:   parent_id = data.aws_organizations_organization.org.roots[0].id
│     ├────────────────
│     │ data.aws_organizations_organization.org.roots is null
│
│ This value is null, so it does not have any indices.

<!-- end snippet -->

To investigate further I ran below from sub account

<!-- begin snippet: js hide: false console: true babel: false -->

<!-- language: lang-html -->

data "aws_organizations_organization" "org" {}

output "root_info" {
  value = data.aws_organizations_organization.org
}


Output:

root_info = {
  "accounts" = tolist(null) /* of object */
  "arn" = "arn:aws:organizations::xxxxxxxxxxx:organization/o-xxxxxxxxx"
  "aws_service_access_principals" = toset([])
  "enabled_policy_types" = toset([])
  "feature_set" = "ALL"
  "id" = "o-xxxxxxxx"
  "master_account_arn" = "arn:aws:organizations::xxxxxxxxxxxx:account/o-xxxxxxxxx/xxxxxxxxxxxx"
  "master_account_email" = "xxxx@xxxxx.com"
  "master_account_id" = "xxxxxxxxxxxxxx"
  "non_master_accounts" = tolist(null) /* of object */
  "roots" = tolist(null) /* of object */
}

<!-- end snippet -->

As per above output roots returns null when running from member account. If I run it from master account, it contains all required information.

Anyone know workaround for this?. All I need is to fetch my AWS organization OU IDs to create some resources in one of a member account in AWS organization.

Please note, using module output is not an option for me as terraform code which creates the AWS organization resources/accounts is a different repository and state where I don't have access to.

There is no workaround. By definition you can only use the API in master/management account, or delegated account, not a regular member account. From AWS docs:

> This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.