hashicorp · ewbankkit · Feb 16, 2023 · Apr 6, 2021 · Apr 13, 2021 · Apr 13, 2021
@@ -0,0 +1,7 @@
+```release-note:new-data-source
+aws_organizations_organizational_unit_child_accounts
+```
+
+```release-note:new-data-source
+aws_organizations_organizational_unit_descendant_accounts
+```
@@ -796,11 +796,13 @@ func New(ctx context.Context) (*schema.Provider, error) {
 
 			"aws_opensearch_domain": opensearch.DataSourceDomain(),
 
-			"aws_organizations_delegated_administrators": organizations.DataSourceDelegatedAdministrators(),
-			"aws_organizations_delegated_services":       organizations.DataSourceDelegatedServices(),
-			"aws_organizations_organization":             organizations.DataSourceOrganization(),
-			"aws_organizations_organizational_units":     organizations.DataSourceOrganizationalUnits(),
-			"aws_organizations_resource_tags":            organizations.DataSourceResourceTags(),
+			"aws_organizations_delegated_administrators":                organizations.DataSourceDelegatedAdministrators(),
+			"aws_organizations_delegated_services":                      organizations.DataSourceDelegatedServices(),
+			"aws_organizations_organization":                            organizations.DataSourceOrganization(),
+			"aws_organizations_organizational_units":                    organizations.DataSourceOrganizationalUnits(),
+			"aws_organizations_organizational_unit_child_accounts":      organizations.DataSourceOrganizationalUnitChildAccounts(),
+			"aws_organizations_organizational_unit_descendant_accounts": organizations.DataSourceOrganizationalUnitDescendantAccounts(),
+			"aws_organizations_resource_tags":                           organizations.DataSourceResourceTags(),
 
 			"aws_outposts_asset":                  outposts.DataSourceOutpostAsset(),
 			"aws_outposts_assets":                 outposts.DataSourceOutpostAssets(),

@@ -0,0 +1,92 @@
+package organizations
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/organizations"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+)
+
+func DataSourceOrganizationalUnitChildAccounts() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourceOrganizationalUnitChildAccountsRead,
+
+		Schema: map[string]*schema.Schema{
+			"accounts": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"arn": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"email": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"status": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"parent_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+	}
+}
+
+func dataSourceOrganizationalUnitChildAccountsRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).OrganizationsConn()
+
+	parentID := d.Get("parent_id").(string)
+	accounts, err := findAccountsForParent(ctx, conn, parentID)
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "listing Organizations Accounts for parent (%s): %s", parentID, err)
+	}
+
+	d.SetId(parentID)
+
+	if err := d.Set("accounts", flattenAccounts(accounts)); err != nil {
+		return sdkdiag.AppendErrorf(diags, "setting accounts: %s", err)
+	}
+
+	return diags
+}
+
+func findAccountsForParent(ctx context.Context, conn *organizations.Organizations, id string) ([]*organizations.Account, error) {
+	input := &organizations.ListAccountsForParentInput{
+		ParentId: aws.String(id),
+	}
+	var output []*organizations.Account
+
+	err := conn.ListAccountsForParentPages(input, func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool {
+		output = append(output, page.Accounts...)
+
+		return !lastPage
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return output, nil
+}
@@ -0,0 +1,39 @@
+package organizations_test
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/organizations"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func testAccOrganizationalUnitChildAccountsDataSource_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	dataSourceName := "data.aws_organizations_organizational_unit_child_accounts.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(t)
+			acctest.PreCheckOrganizationManagementAccount(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, organizations.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccOrganizationalUnitChildAccountsDataSourceConfig_basic,
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckResourceAttrGreaterThanValue(dataSourceName, "accounts.#", "0"),
+				),
+			},
+		},
+	})
+}
+
+const testAccOrganizationalUnitChildAccountsDataSourceConfig_basic = `
+data "aws_organizations_organization" "current" {}
+
+data "aws_organizations_organizational_unit_child_accounts" "test" {
+  parent_id = data.aws_organizations_organization.current.roots[0].id
+}
+`
@@ -0,0 +1,104 @@
+package organizations
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/organizations"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+)
+
+func DataSourceOrganizationalUnitDescendantAccounts() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourceOrganizationalUnitDescendantAccountsRead,
+
+		Schema: map[string]*schema.Schema{
+			"accounts": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"arn": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"email": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"status": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"parent_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+	}
+}
+
+func dataSourceOrganizationalUnitDescendantAccountsRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).OrganizationsConn()
+
+	parentID := d.Get("parent_id").(string)
+	accounts, err := findAllAccountsForParentAndBelow(ctx, conn, parentID)
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "listing Organizations Accounts for parent (%s) and descendants: %s", parentID, err)
+	}
+
+	d.SetId(parentID)
+
+	if err := d.Set("accounts", flattenAccounts(accounts)); err != nil {
+		return sdkdiag.AppendErrorf(diags, "setting accounts: %s", err)
+	}
+
+	return diags
+}
+
+// findAllAccountsForParent recurses down an OU tree, returning all accounts at the specified parent and below.
+func findAllAccountsForParentAndBelow(ctx context.Context, conn *organizations.Organizations, id string) ([]*organizations.Account, error) {
+	var output []*organizations.Account
+
+	accounts, err := findAccountsForParent(ctx, conn, id)
+
+	if err != nil {
+		return nil, err
+	}
+
+	output = append(output, accounts...)
+
+	ous, err := findOUsForParent(ctx, conn, id)
+
+	if err != nil {
+		return nil, err
+	}
+
+	for _, ou := range ous {
+		accounts, err = findAllAccountsForParentAndBelow(ctx, conn, aws.StringValue(ou.Id))
+
+		if err != nil {
+			return nil, err
+		}
+
+		output = append(output, accounts...)
+	}
+
+	return output, nil
+}
@@ -0,0 +1,70 @@
+package organizations_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/organizations"
+	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func testAccOrganizationalUnitDescendantAccountsDataSource_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	topOUDataSourceName := "data.aws_organizations_organizational_unit_descendant_accounts.current"
+	newOU1DataSourceName := "data.aws_organizations_organizational_unit_descendant_accounts.test0"
+	newOU2DataSourceName := "data.aws_organizations_organizational_unit_descendant_accounts.test1"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(t)
+			acctest.PreCheckOrganizationManagementAccount(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, organizations.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccOrganizationalUnitDescendantAccountsDataSourceConfig_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckResourceAttrGreaterThanValue(topOUDataSourceName, "accounts.#", "0"),
+					resource.TestCheckResourceAttr(newOU1DataSourceName, "accounts.#", "0"),
+					resource.TestCheckResourceAttr(newOU2DataSourceName, "accounts.#", "0"),
+				),
+			},
+		},
+	})
+}
+
+func testAccOrganizationalUnitDescendantAccountsDataSourceConfig_basic(rName string) string {
+	return fmt.Sprintf(`
+data "aws_organizations_organization" "current" {}
+
+resource "aws_organizations_organizational_unit" "test0" {
+  name      = "%[1]s-0"
+  parent_id = data.aws_organizations_organization.current.roots[0].id
+}
+
+resource "aws_organizations_organizational_unit" "test1" {
+  name      = "%[1]s-1"
+  parent_id = aws_organizations_organizational_unit.test0.id
+}
+
+data "aws_organizations_organizational_unit_descendant_accounts" "current" {
+  parent_id = data.aws_organizations_organization.current.roots[0].id
+
+  depends_on = [aws_organizations_organizational_unit.test0, aws_organizations_organizational_unit.test1]
+}
+
+data "aws_organizations_organizational_unit_descendant_accounts" "test0" {
+  parent_id = aws_organizations_organizational_unit.test0.id
+
+  depends_on = [aws_organizations_organizational_unit.test1]
+}
+
+data "aws_organizations_organizational_unit_descendant_accounts" "test1" {
+  parent_id = aws_organizations_organizational_unit.test1.id
+}
+`, rName)
+}
@@ -48,32 +48,39 @@ func dataSourceOrganizationalUnitsRead(ctx context.Context, d *schema.ResourceDa
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).OrganizationsConn()
 
-	parent_id := d.Get("parent_id").(string)
+	parentID := d.Get("parent_id").(string)
+	children, err := findOUsForParent(ctx, conn, parentID)
 
-	params := &organizations.ListOrganizationalUnitsForParentInput{
-		ParentId: aws.String(parent_id),
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "listing Organizations Organization Units for parent (%s): %s", parentID, err)
 	}
 
-	var children []*organizations.OrganizationalUnit
+	d.SetId(parentID)
 
-	err := conn.ListOrganizationalUnitsForParentPagesWithContext(ctx, params,
-		func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool {
-			children = append(children, page.OrganizationalUnits...)
+	if err := d.Set("children", FlattenOrganizationalUnits(children)); err != nil {
+		return sdkdiag.AppendErrorf(diags, "setting children: %s", err)
+	}
 
-			return !lastPage
-		})
+	return diags
+}
 
-	if err != nil {
-		return sdkdiag.AppendErrorf(diags, "listing Organizations Organization Units for parent (%s): %s", parent_id, err)
+func findOUsForParent(ctx context.Context, conn *organizations.Organizations, id string) ([]*organizations.OrganizationalUnit, error) {
+	input := &organizations.ListOrganizationalUnitsForParentInput{
+		ParentId: aws.String(id),
 	}
+	var output []*organizations.OrganizationalUnit
 
-	d.SetId(parent_id)
+	err := conn.ListOrganizationalUnitsForParentPagesWithContext(ctx, input, func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool {
+		output = append(output, page.OrganizationalUnits...)
 
-	if err := d.Set("children", FlattenOrganizationalUnits(children)); err != nil {
-		return sdkdiag.AppendErrorf(diags, "setting children: %s", err)
+		return !lastPage
+	})
+
+	if err != nil {
+		return nil, err
 	}
 
-	return diags
+	return output, nil
 }
 
 func FlattenOrganizationalUnits(ous []*organizations.OrganizationalUnit) []map[string]interface{} {