diff --git a/README.md b/README.md
index 4b6bd84..5c05be2 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@ sys 0m2.015s
| [aws](#requirement\_aws) | >= 5.14.0 |
| [http](#requirement\_http) | >= 2.1.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+| [null](#requirement\_null) | >= 1.0 |
## Providers
@@ -43,6 +44,7 @@ sys 0m2.015s
| [aws](#provider\_aws) | 5.83.1 |
| [http](#provider\_http) | 3.4.5 |
| [kubernetes](#provider\_kubernetes) | 2.35.1 |
+| [null](#provider\_null) | >= 1.0 |
## Modules
@@ -54,11 +56,12 @@ sys 0m2.015s
| Name | Type |
|------|------|
-| [kubernetes_manifest.deploy_cluster_roles](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
| [kubernetes_storage_class.gp3_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource |
+| [null_resource.apply_cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.cluster_roles](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_ebs_default_kms_key.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ebs_default_kms_key) | data source |
| [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
| [http_http.cluster_roles](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source |
diff --git a/eks_console_access.tf b/eks_console_access.tf
index 5b5e248..766e46a 100644
--- a/eks_console_access.tf
+++ b/eks_console_access.tf
@@ -33,8 +33,33 @@ data "http" "cluster_roles" {
url = each.value.url
}
-# Apply the Kubernetes manifests to the cluster
-resource "kubernetes_manifest" "deploy_cluster_roles" {
+# # Apply the Kubernetes manifests to the cluster
+# resource "kubernetes_manifest" "deploy_cluster_roles" {
+# for_each = local.cluster_roles_map
+# manifest = yamldecode(data.http.cluster_roles[each.key].body)
+# }
+
+resource "null_resource" "cluster_roles" {
for_each = local.cluster_roles_map
- manifest = yamldecode(data.http.cluster_roles[each.key].body)
+ triggers = {
+ roles = join(",", [each.key, each.value.url])
+ directory = null_resource.setup_directory.triggers.directory
+ }
+ provisioner "local-exec" {
+ command = "echo '${data.http.cluster_roles[each.key].body}' > ${self.triggers.directory}/${each.value.name}.yaml"
+ }
+}
+
+resource "null_resource" "apply_cluster_roles" {
+ for_each = { for k, v in local.cluster_roles_map : k => v if v.enabled }
+ triggers = {
+ roles = join(",", [each.key, each.value.url])
+ }
+ depends_on = [null_resource.kubeconfig]
+ provisioner "local-exec" {
+ environment = {
+ KUBECONFIG = "${path.root}/setup/kube.config"
+ }
+ command = "kubectl apply -f setup/${each.value.name}.yaml"
+ }
}
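Review bot: The `local-exec` command in `null_resource.cluster_roles` interpolates the fetched HTTP body straight into a single-quoted shell string, so any `'` in the manifest ends the quoting and the remainder is interpreted by the shell on the machine running Terraform. Pass the body through the provisioner's `environment` map instead: `environment = { MANIFEST = data.http.cluster_roles[each.key].body }` with `command = "printf '%s' \"$MANIFEST\" > ${self.triggers.directory}/${each.value.name}.yaml"`. Separately, `null_resource.apply_cluster_roles` has only `null_resource.kubeconfig` in `depends_on`, so nothing orders `kubectl apply` after the file is written; adding `null_resource.cluster_roles` to that list would fix the ordering. Since these manifests define cluster roles and come from a remote URL, consider pinning each URL to an immutable revision or checking a digest before applying. The `triggers` cover only the key and URL, so changed content at the same URL is neither detected nor re-applied.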
diff --git a/requirements.tf b/requirements.tf
index 871794c..293d403 100644
--- a/requirements.tf
+++ b/requirements.tf
@@ -14,6 +14,9 @@ terraform {
source = "hashicorp/kubernetes"
version = ">= 2.23.0"
}
-
+ null = {
+ source = "hashicorp/null"
+ version = ">= 1.0"
+ }
}
}