Delete null resource when terraform destroy

I have a terraform code to import certificate to aws certificate manager using null resource. But i need to destroy the resources created by null resource when do terraform destroy.

resource “null_resource” “import_cert” {
provisioner “local-exec” {
command = <<-EOT
aws secretsmanager get-secret-value --secret-id /stage/privatekey --query ‘SecretString’ --output text > key.pem
aws secretsmanager get-secret-value --secret-id /stage/crt --query ‘SecretString’ --output text > cert.pem
aws acm import-certificate --certificate file://cert.pem --private-key file://key.pem --tags Key=“Name”,Value=“custom”

@desallama87, while it’s true that a provisioner can be set to execute during a destroy operation, that is not going to be able to execute if the resource were removed from the config entirely, or failed in someway and became tainted. There is no way for terraform to fully track the lifecycle of resources created by CLI commands executed outside of terraform.

Are you certain there is no data source or combination of resources which can replace what you are doing with the null provider? I’m not familiar with these AWS resources, but acm_certificate looks relevant.