diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
index 1297bbfb..d1b15f9c 100644
--- a/autogen/main.tf.tmpl
+++ b/autogen/main.tf.tmpl
@@ -256,13 +256,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {
diff --git a/examples/user-managed-google-managed-ssl/main.tf b/examples/user-managed-google-managed-ssl/main.tf
index 2bf9d50e..30d33e6a 100644
--- a/examples/user-managed-google-managed-ssl/main.tf
+++ b/examples/user-managed-google-managed-ssl/main.tf
@@ -65,7 +65,7 @@ locals {
 
 module "gce-lb-https" {
   source  = "terraform-google-modules/lb-http/google"
-  version = "~> 11.0"
+  version = "~> 12.0"
 
   name                            = var.network_name
   project                         = var.project_id
diff --git a/main.tf b/main.tf
index 70f10650..9721c9a3 100644
--- a/main.tf
+++ b/main.tf
@@ -238,13 +238,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {
diff --git a/modules/dynamic_backends/main.tf b/modules/dynamic_backends/main.tf
index cd8c8a75..b0b4aacc 100644
--- a/modules/dynamic_backends/main.tf
+++ b/modules/dynamic_backends/main.tf
@@ -238,13 +238,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {
diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
index 25c1849c..306de60f 100644
--- a/modules/serverless_negs/main.tf
+++ b/modules/serverless_negs/main.tf
@@ -233,13 +233,10 @@ resource "google_compute_backend_service" "default" {
     }
   }
 
-  dynamic "iap" {
-    for_each = try(each.value["iap_config"], null) != null && lookup(try(each.value["iap_config"], {}), "enable", false) ? [1] : []
-    content {
-      enabled              = lookup(each.value["iap_config"], "enable", false)
-      oauth2_client_id     = lookup(each.value["iap_config"], "oauth2_client_id")
-      oauth2_client_secret = lookup(each.value["iap_config"], "oauth2_client_secret")
-    }
+  iap {
+    enabled              = try(each.value["iap_config"], null) == null ? false : lookup(try(each.value["iap_config"], {}), "enable", false)
+    oauth2_client_id     = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_id")
+    oauth2_client_secret = try(each.value["iap_config"], null) == null ? null : lookup(each.value["iap_config"], "oauth2_client_secret")
   }
 
   dynamic "cdn_policy" {
diff --git a/test/setup/main.tf b/test/setup/main.tf
index 8ebc082c..c158fa58 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -26,6 +26,7 @@ module "project-ci-lb-http" {
   default_service_account     = "keep"
   disable_dependent_services  = false
   disable_services_on_destroy = false
+  deletion_policy             = "DELETE"
 
   activate_apis = [
     "cloudresourcemanager.googleapis.com",
@@ -50,6 +51,7 @@ module "project-ci-lb-http-1" {
   default_service_account     = "keep"
   disable_dependent_services  = false
   disable_services_on_destroy = false
+  deletion_policy             = "DELETE"
 
   activate_apis = [
     "cloudresourcemanager.googleapis.com",