Terraform aws assume role

I have a problem with AWS assume role using terraform.

In AWS I have three accounts: root, staging and production (let's focus only on root & staging account) in single organization. The root account has one IAM user terraform (with AdministratorAccess policy) which is used by terraform to provisioning all stuff.

The image of organization structure

Root account ID: 111111111111
Staging account ID: 333333333333

A terraform script looks like that:

############## backend.tf

terraform {
  required_version = "0.12.19"
}


############## providers.tf
provider "aws" {
  region = "eu-west-1"

  profile = "default"
}

provider "aws" {
  version = ">= 2.44"
  region  = "eu-west-1"
  profile = "default"

  assume_role {
    role_arn = "arn:aws:iam::333333333333:role/staging-admin"
  }

  allowed_account_ids = ["333333333333"]

  alias = "staging"
}


############## organization.tf
resource "aws_organizations_account" "staging" {
  email = "[email protected]"
  name  = "Staging"

  parent_id = "ZZZZZ"
}



############## data.tf
data "aws_iam_policy_document" "assume_staging_role" {
  statement {
    effect    = "Allow"
    actions   = ["sts:AssumeRole"]
    resources = [
      aws_iam_role.staging.arn
    ]
  }
}

data "aws_iam_policy" "administrator_access" {
  arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

data "template_file" "cross_admin_trust_policy" {
  template = file("templates/cross_admin_trust_policy.json")

  vars = {
    staging_account_number = aws_organizations_account.staging.id
  }
}



############## iam.tf
resource "aws_iam_role" "staging" {
  name                 = "staging-admin"
  description          = "Assumable role granting administrator permissions to the staging account"
  assume_role_policy   = data.template_file.cross_admin_trust_policy.rendered
  max_session_duration = 20000

  provider = aws.staging
}

resource "aws_iam_role_policy_attachment" "staging_admin_access" {
  role       = aws_iam_role.staging.name
  policy_arn = data.aws_iam_policy.administrator_access.arn

  provider = aws.staging_ireland
}

resource "aws_iam_role_policy_attachment" "staging_attach_assume_any_admin" {
  role       = aws_iam_role.staging.name
  policy_arn = data.aws_iam_policy.administrator_access.arn

  provider = aws.staging_ireland
}

and my policy.json file:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::${staging_account_number}:role/staging-admin"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

when I execute terraform plan I'm getting this error:

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.aws_iam_policy.administrator_access: Refreshing state...
aws_organizations_account.staging: Refreshing state... [id=333333333333]
data.template_file.cross_admin_trust_policy: Refreshing state...

Error: The role "arn:aws:iam::333333333333:role/staging-admin" cannot be assumed.

  There are a number of possible causes of this - the most common are:
    * The credentials used in order to assume the role are invalid
    * The credentials do not have appropriate permission to assume the role
    * The role ARN is not valid

  on providers.tf line 25, in provider "aws"

Someone has an idea how to fix?