diff --git a/modules/dns/README.md b/modules/dns/README.md
index 2c00ebb1..780e9f0b 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -37,7 +37,7 @@ module "private-dns" {
| *peer_network* | Peering network self link, only valid for 'peering' zone types. | string
| | null
|
| *recordsets* | List of DNS record objects to manage. | list(object({...}))
| | []
|
| *service_directory_namespace* | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string
| | null
|
-| *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | string
| | private
|
+| *type* | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory'. | string
| | ...
|
| *zone_create* | Create zone. When set to false, uses a data source to reference existing zone. | bool
| | true
|
## Outputs
diff --git a/modules/folder/README.md b/modules/folder/README.md
index 5b15204c..5e85b49a 100644
--- a/modules/folder/README.md
+++ b/modules/folder/README.md
@@ -46,7 +46,7 @@ module "folder" {
|---|---|:---: |:---:|:---:|
| name | Folder name. | string
| ✓ | |
| parent | Parent in folders/folder_id or organizations/org_id format. | string
| ✓ | |
-| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | map(set(string))
| | null
|
+| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | map(set(string))
| | {}
|
| *policy_boolean* | Map of boolean org policies and enforcement value, set value to null for policy restore. | map(bool)
| | {}
|
| *policy_list* | Map of list org policies, status is true for allow, false for deny, null for restore. Values can only be used for allow or deny. | map(object({...}))
| | {}
|
diff --git a/modules/folders-unit/README.md b/modules/folders-unit/README.md
index 43c84ec0..9ebad644 100644
--- a/modules/folders-unit/README.md
+++ b/modules/folders-unit/README.md
@@ -36,10 +36,9 @@ module "folders-unit" {
| short_name | Short name used as GCS bucket and service account prefixes, do not use capital letters or spaces. | string
| ✓ | |
| *environments* | Unit environments short names. | map(string)
| | ...
|
| *gcs_defaults* | Defaults use for the state GCS buckets. | map(string)
| | ...
|
+| *iam* | IAM bindings for the top-level folder in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
| *iam_billing_config* | Grant billing user role to service accounts, defaults to granting on the billing account. | object({...})
| | ...
|
| *iam_enviroment_roles* | IAM roles granted to the environment service account on the environment sub-folder. | list(string)
| | ...
|
-| *iam_members* | IAM members for roles applied on the unit folder. | map(list(string))
| | null
|
-| *iam_roles* | IAM roles applied on the unit folder. | list(string)
| | null
|
| *iam_xpn_config* | Grant Shared VPC creation roles to service accounts, defaults to granting at folder level. | object({...})
| | ...
|
| *prefix* | Optional prefix used for GCS bucket names to ensure uniqueness. | string
| | null
|
| *service_account_keys* | Generate and store service account keys in the state file. | bool
| | false
|
diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 3c69da48..33afea1f 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -66,7 +66,7 @@ module "bucket" {
| project_id | Bucket project id. | string
| ✓ | |
| *encryption_key* | KMS key that will be used for encryption. | string
| | null
|
| *force_destroy* | Optional map to set force destroy keyed by name, defaults to false. | bool
| | false
|
-| *iam_members* | IAM members keyed by bucket name and role. | map(set(string))
| | {}
|
+| *iam* | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string))
| | {}
|
| *labels* | Labels to be attached to all buckets. | map(string)
| | {}
|
| *location* | Bucket location. | string
| | EU
|
| *logging_config* | Bucket logging configuration. | object({...})
| | null
|
diff --git a/modules/project/README.md b/modules/project/README.md
index 61b62286..fcd8ca05 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -15,7 +15,7 @@ module "project" {
"container.googleapis.com",
"stackdriver.googleapis.com"
]
- iam_members = {
+ iam = {
"roles/container.hostServiceAgentUser" = [
"serviceAccount:${var.gke_service_account}"
]
@@ -31,7 +31,7 @@ module "project" {
name = "project-example"
project_create = false
- iam_additive_bindings = {
+ iam_additive = {
"group:usergroup_watermlon_experimentation@lemonadeinc.io" = [
"roles/viewer",
"roles/storage.objectAdmin"
diff --git a/modules/secret-manager/README.md b/modules/secret-manager/README.md
index b1617e62..7f237482 100644
--- a/modules/secret-manager/README.md
+++ b/modules/secret-manager/README.md
@@ -25,7 +25,7 @@ module "secret-manager" {
### Secret IAM bindings
-IAM bindings can be set per secret in the same way as for most other modules supporting IAM, using the `iam_members` variable.
+IAM bindings can be set per secret in the same way as for most other modules supporting IAM, using the `iam` variable.
```hcl
module "secret-manager" {