diff --git a/third_party/terraform/data_sources/data_source_google_iam_policy.go.erb b/third_party/terraform/data_sources/data_source_google_iam_policy.go.erb
index b36eaf27277b..8c0e6ef4985a 100644
--- a/third_party/terraform/data_sources/data_source_google_iam_policy.go.erb
+++ b/third_party/terraform/data_sources/data_source_google_iam_policy.go.erb
@@ -43,7 +43,7 @@ func dataSourceGoogleIamPolicy() *schema.Resource {
 Required: true,
 Elem: &schema.Schema{
 Type: schema.TypeString,
- ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support deleted IAM members"),
+ ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM policies for deleted principals"),
 },
 Set: schema.HashString,
 },
diff --git a/third_party/terraform/resources/resource_iam_binding.go.erb b/third_party/terraform/resources/resource_iam_binding.go.erb
index 89567a9021c2..bb7ec0027186 100644
--- a/third_party/terraform/resources/resource_iam_binding.go.erb
+++ b/third_party/terraform/resources/resource_iam_binding.go.erb
@@ -5,9 +5,11 @@ import (
 "errors"
 "fmt"
 "log"
+ "regexp"
 "strings"
 "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 "google.golang.org/api/cloudresourcemanager/v1"
 )
@@ -23,6 +25,7 @@ var iamBindingSchema = map[string]*schema.Schema{
 Elem: &schema.Schema{
 Type: schema.TypeString,
 DiffSuppressFunc: caseDiffSuppress,
+ ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM bindings for deleted principals"),
 },
 Set: func(v interface{}) int {
 return schema.HashString(strings.ToLower(v.(string)))
diff --git a/third_party/terraform/resources/resource_iam_member.go.erb b/third_party/terraform/resources/resource_iam_member.go.erb
index 1d7ebf381b2a..86fa3463a82c 100644
--- a/third_party/terraform/resources/resource_iam_member.go.erb
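Review bot: The `^deleted:` check added to the `members` element of `iamBindingSchema` is case-sensitive, while the same element is compared through `caseDiffSuppress` and hashed through `strings.ToLower` in `Set`, so the validator and the rest of the schema disagree on how case is treated. Whether a differently cased prefix can ever reach this field is not visible from the hunk; if it can, the pattern should be `regexp.MustCompile("(?i)^deleted:")`, and if it cannot, a one-line comment saying the case-sensitive match is intentional would settle the question for the next reader. The same applies to the `member` field in the `resource_iam_member.go.erb` hunk, which also pairs this validator with `caseDiffSuppress`. The identical expression is now compiled in three files; a single package-level `var deletedPrincipalRegexp = regexp.MustCompile("^deleted:")` would keep the three checks from drifting apart. The `iamBindingSchema` literal continues past the end of the hunk.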
+++ b/third_party/terraform/resources/resource_iam_member.go.erb
@@ -8,6 +8,7 @@ import (
 "strings"
 "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 "google.golang.org/api/cloudresourcemanager/v1"
 )
@@ -22,6 +23,7 @@ var IamMemberBaseSchema = map[string]*schema.Schema{
 Required: true,
 ForceNew: true,
 DiffSuppressFunc: caseDiffSuppress,
+ ValidateFunc: validation.StringDoesNotMatch(regexp.MustCompile("^deleted:"), "Terraform does not support IAM members for deleted principals"),
 },
 <% unless version == 'ga' -%>
 "condition": {
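Review bot: The new `ValidateFunc` on `member` in `IamMemberBaseSchema` calls `regexp.MustCompile`, but the import hunk for this file adds only `helper/validation`, whereas the `resource_iam_binding.go.erb` change also adds `"regexp"`. The import block starts above the hunk (its first visible line is `"strings"` at line 8), so `regexp` may already be imported there; if it is not, the file will not compile and `"regexp"` has to be added next to `"strings"`. Separately, a short comment on the field would help: as far as I know `ValidateFunc` only runs on values known at plan time, so a `deleted:` member supplied through a computed value is presumably not rejected here and the apply path should not treat this check as the only guard. The `IamMemberBaseSchema` literal continues past the end of the hunk.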