Description
When you set up AWS consolidated billing, or what is now AWS Organisations, the aws tool uses an IAM user in the root account to assume a role in the subaccount. So you need to identify this in the ~/.aws/config file.
However, terraform doesn't read the config, only the credentials file. So you have to tell terraform's aws provider to use the root account, but assume the role in the delegate account using its account ID. So your aws provider block would look like:
```hcl
aws = {
  account-id = 121212121212
  profile    = "root-acc"
  role_arn   = "arn:aws:iam::121212121212:role/root-acc-administrator"
  azs        = ...etc
}
```
Modifying the init-variables script to use some env vars would solve this.
I will submit a PR and link it to this to explain and start an enhancement proposal.
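The cross-account setup described in the issue, as an added example that is not code from the issue author or from this project: a POSIX shell function that renders a Terraform `provider "aws"` block from the values an init script would take from the environment (root-account profile, delegate account ID, role name, region), using the provider's real `profile` argument and `assume_role` block, plus the matching `~/.aws/config` stanza the aws CLI would read for the same hop. The variable names `TF_ROOT_PROFILE`, `TF_DELEGATE_ACCOUNT_ID` and `TF_DELEGATE_ROLE` and the output file names are assumptions for this example; the account ID and role name are the placeholders from the issue.

```shell
#!/bin/sh
# Added example, not part of the original issue or the project's init-variables
# script. Render a Terraform aws provider block that authenticates with a
# root-account profile and assumes an administrator role in a delegate account.
# Env var names below are assumptions for this example.

render_aws_provider() {
  profile="${1:?root-account profile name required}"
  account_id="${2:?delegate account id required}"
  role_name="${3:?role name required}"
  region="${4:-us-east-1}"

  # An AWS account ID is exactly 12 digits. Reject anything else up front:
  # a typo here would otherwise surface only as a confusing AccessDenied from
  # STS at plan time, or worse, target a role in the wrong account.
  case "$account_id" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "invalid account id: $account_id" >&2; return 1 ;;
  esac

  # `profile` selects the root-account credentials; `assume_role` makes the
  # provider call sts:AssumeRole into the delegate account before doing anything.
  cat <<EOF
provider "aws" {
  region  = "${region}"
  profile = "${profile}"

  assume_role {
    role_arn     = "arn:aws:iam::${account_id}:role/${role_name}"
    session_name = "terraform-${profile}"
  }
}
EOF
}

# The equivalent ~/.aws/config stanza for the aws CLI, so the two tools point
# at the same role. The delegate profile name is an assumption.
render_cli_profile() {
  profile="${1:?root-account profile name required}"
  account_id="${2:?delegate account id required}"
  role_name="${3:?role name required}"
  delegate_profile="${4:-${profile}-delegate}"

  cat <<EOF
[profile ${delegate_profile}]
source_profile = ${profile}
role_arn = arn:aws:iam::${account_id}:role/${role_name}
EOF
}

# Usage from an init script (values constructed for this example):
#   TF_ROOT_PROFILE=root-acc TF_DELEGATE_ACCOUNT_ID=121212121212 \
#   TF_DELEGATE_ROLE=root-acc-administrator sh this-script.sh
if [ -n "${TF_ROOT_PROFILE:-}" ]; then
  render_aws_provider "$TF_ROOT_PROFILE" "$TF_DELEGATE_ACCOUNT_ID" "$TF_DELEGATE_ROLE" > provider.tf
  render_cli_profile  "$TF_ROOT_PROFILE" "$TF_DELEGATE_ACCOUNT_ID" "$TF_DELEGATE_ROLE" >> aws-config.snippet
fi
```

Before running `terraform plan` with the rendered file, confirm the hop works outside Terraform: `aws sts get-caller-identity --profile root-acc` should return the root-account IAM user, and `aws sts get-caller-identity --profile root-acc-delegate` (with the stanza appended to `~/.aws/config`) should return an assumed-role ARN in account 121212121212. If the second call fails, the role's trust policy in the delegate account does not trust the root-account principal, and Terraform will fail the same way.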