You can apply the directly YAML file to the cluster

provisioner "local-exec" {
    command = <<EOT
cat <<EOF | kubectl --server=${aws_eks_cluster.demo.endpoint} --insecure-skip-tls-verify=true --token=${data.aws_eks_cluster_auth.demo.token} create -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: mymail@gmail.com
    privateKeySecretRef:
      name: letsencrypt
    http01: {}
EOF
EOT
  }

or else you can also use the TF provider to apply the YAML file

https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs#installation

update :

if you have not set up the Kubernetes provider to authenticate you can use from : https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs

provider "kubernetes" {
  config_path    = "~/.kube/config"
  config_context = "my-context"
}

resource "kubernetes_namespace" "example" {
  metadata {
    name = "my-first-namespace"
  }
}