diff --git a/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb b/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb index d59d0a0f4f06..e93d9a2b83e9 100644 --- a/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb +++ b/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb @@ -56,9 +56,7 @@ var ( <% unless version == "ga" -%> "config.0.database_config", "config.0.web_server_config", -<% end -%> -<% unless version == "ga" -%> - "config.0.encryption_config", + "config.0.encryption_config", <% end -%> } @@ -436,8 +434,6 @@ func resourceComposerEnvironment() *schema.Resource { }, }, }, -<% end -%> -<% unless version == "ga" -%> "encryption_config": { Type: schema.TypeList, Optional: true, @@ -723,18 +719,6 @@ func resourceComposerEnvironmentUpdate(d *schema.ResourceData, meta interface{}) return err } } -<% end -%> -<% unless version == "ga" -%> - if d.HasChange("config.0.encryption_config.0.kms_key_name") { - patchObj := &composer.Environment{Config: &composer.EnvironmentConfig{}} - if config != nil { - patchObj.Config.EncryptionConfig = config.EncryptionConfig - } - err = resourceComposerEnvironmentPatchField("config.encryptionConfig.kmsKeyName", userAgent, patchObj, d, tfConfig) - if err != nil { - return err - } - } <% end -%> } @@ -860,8 +844,6 @@ func flattenComposerEnvironmentConfig(envCfg *composer.EnvironmentConfig) interf <% unless version == "ga" -%> transformed["database_config"] = flattenComposerEnvironmentConfigDatabaseConfig(envCfg.DatabaseConfig) transformed["web_server_config"] = flattenComposerEnvironmentConfigWebServerConfig(envCfg.WebServerConfig) -<% end -%> -<% unless version == "ga" -%> transformed["encryption_config"] = flattenComposerEnvironmentConfigEncryptionConfig(envCfg.EncryptionConfig) <% end -%> 
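Review bot: In the `@@ -723,18 +719,6 @@` hunk, resourceComposerEnvironmentUpdate loses its `d.HasChange("config.0.encryption_config.0.kms_key_name")` branch, so nothing visible here handles a changed CMEK key on an existing environment. The schema lines shown in the `@@ -436,8 +434,6 @@` hunk give only `Type` and `Optional` for `encryption_config`, and the `kms_key_name` field itself is outside the diff, so whether it is marked `ForceNew: true` cannot be confirmed from this page. If it is not, an edited key would presumably be recorded without reaching the API, leaving the environment encrypted under the old key while the configuration names the new one. Please confirm `ForceNew: true` on `kms_key_name` and consider a comment where the branch was removed, e.g. `// kms_key_name cannot be changed in place; the schema forces recreation.` The function body extends beyond the hunk.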
@@ -913,9 +895,7 @@ func flattenComposerEnvironmentConfigWebServerConfig(webServerCfg *composer.WebS return []interface{}{transformed} } -<% end -%> -<% unless version == "ga" -%> func flattenComposerEnvironmentConfigEncryptionConfig(encryptionCfg *composer.EncryptionConfig) interface{} { if encryptionCfg == nil { return nil @@ -1056,9 +1036,6 @@ func expandComposerEnvironmentConfig(v interface{}, d *schema.ResourceData, conf } transformed.WebServerConfig = transformedWebServerConfig -<% end -%> - -<% unless version == "ga" -%> transformedEncryptionConfig, err := expandComposerEnvironmentConfigEncryptionConfig(original["encryption_config"], d, config) if err != nil { return nil, err diff --git a/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb b/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb index 3793df901168..2335472668ab 100644 --- a/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb 
@@ -296,38 +296,38 @@ func TestAccComposerEnvironment_withWebServerConfig(t *testing.T) { } func TestAccComposerEnvironment_withEncryptionConfig(t *testing.T) { - t.Parallel() + t.Parallel() - kms := BootstrapKMSKey(t) + kms := BootstrapKMSKeyInLocation(t, "us-central1") pid := getTestProjectFromEnv() - envName := fmt.Sprintf("%s-%d", testComposerEnvironmentPrefix, randInt(t)) - network := fmt.Sprintf("%s-%d", testComposerNetworkPrefix, randInt(t)) - subnetwork := network + "-1" - - vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccComposerEnvironmentDestroyProducer(t), - Steps: []resource.TestStep{ - { - Config: testAccComposerEnvironment_encryptionCfg(pid, envName, kms.CryptoKey.Name, network, subnetwork), - }, - { - ResourceName: "google_composer_environment.test", - ImportState: true, - ImportStateVerify: true, - }, - // This is a terrible clean-up step in order to get destroy to succeed, - // due to dangling firewall rules left by the Composer Environment blocking network deletion. - // TODO(emilyye): Remove this check if firewall rules bug gets fixed by Composer. 
-// { -// PlanOnly: true, -// ExpectNonEmptyPlan: false, -// Config: testAccComposerEnvironment_encryptionCfgUpdated(envName, network, subnetwork), -// Check: testAccCheckClearComposerEnvironmentFirewalls(t, network), -// }, - }, - }) + envName := fmt.Sprintf("%s-%d", testComposerEnvironmentPrefix, randInt(t)) + network := fmt.Sprintf("%s-%d", testComposerNetworkPrefix, randInt(t)) + subnetwork := network + "-1" + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccComposerEnvironmentDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComposerEnvironment_encryptionCfg(pid, envName, kms.CryptoKey.Name, network, subnetwork), + }, + { + ResourceName: "google_composer_environment.test", + ImportState: true, + ImportStateVerify: true, + }, + // This is a terrible clean-up step in order to get destroy to succeed, + // due to dangling firewall rules left by the Composer Environment blocking network deletion. + // TODO(dzarmola): Remove this check if firewall rules bug gets fixed by Composer. + { + PlanOnly: true, + ExpectNonEmptyPlan: false, + Config: testAccComposerEnvironment_encryptionCfg(pid, envName, kms.CryptoKey.Name, network, subnetwork), + Check: testAccCheckClearComposerEnvironmentFirewalls(t, network), + }, + }, + }) } <% end -%> // Checks behavior of node config, including dependencies on Compute resources. 
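Review bot: The re-enabled clean-up step in TestAccComposerEnvironment_withEncryptionConfig sets `PlanOnly: true` together with `Check: testAccCheckClearComposerEnvironmentFirewalls(t, network)`, and it is worth confirming that the test harness in use actually evaluates `Check` on a plan-only step. If it only runs checks after an apply, the firewall clean-up never executes and the dangling rules the comment describes stay behind in the test project. Separately, the key location passed to `BootstrapKMSKeyInLocation(t, "us-central1")` has to stay in step with the `region = "us-central1"` literal in testAccComposerEnvironment_encryptionCfg; a comment such as `// key location must match the environment region in testAccComposerEnvironment_encryptionCfg` would keep the two from drifting.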
@@ -771,78 +771,70 @@ resource "google_compute_subnetwork" "test" { } func testAccComposerEnvironment_encryptionCfg(pid, name, kmsKey, network, subnetwork string) string { - return fmt.Sprintf(` + return fmt.Sprintf(` data "google_project" "project" { project_id = "%s" } - resource "google_project_iam_member" "kms-project-binding1" { project = data.google_project.project.project_id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:service-${data.google_project.project.number}@cloudcomposer-accounts.iam.gserviceaccount.com" } - resource "google_project_iam_member" "kms-project-binding2" { project = data.google_project.project.project_id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com" } - resource "google_project_iam_member" "kms-project-binding3" { project = data.google_project.project.project_id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" } - resource "google_project_iam_member" "kms-project-binding4" { project = data.google_project.project.project_id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com" } - resource "google_project_iam_member" "kms-project-binding5" { project = data.google_project.project.project_id role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-pubsub.iam.gserviceaccount.com" } - resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = google_kms_crypto_key.crypto_key.id + crypto_key_id = "%s" role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:service-${data.google_project.project.number}@gs-project-accounts.iam.gserviceaccount.com" } - resource 
"google_composer_environment" "test" { - depends_on = [google_project_iam_member.kms-project-binding1] - - name = "%s" - region = "us-central1" - config { - node_config { - network = google_compute_network.test.self_link - subnetwork = google_compute_subnetwork.test.self_link - zone = "us-central1-a" - } - encryption_config { - kms_key_name = "%s" - } - } + depends_on = [google_project_iam_member.kms-project-binding1, google_project_iam_member.kms-project-binding2, + google_project_iam_member.kms-project-binding3, google_project_iam_member.kms-project-binding4, + google_project_iam_member.kms-project-binding5, google_kms_crypto_key_iam_member.iam] + name = "%s" + region = "us-central1" + config { + node_config { + network = google_compute_network.test.self_link + subnetwork = google_compute_subnetwork.test.self_link + zone = "us-central1-a" + } + encryption_config { + kms_key_name = "%s" + } + } } - // use a separate network to avoid conflicts with other tests running in parallel // that use the default network/subnet resource "google_compute_network" "test" { - name = "%s" - auto_create_subnetworks = false + name = "%s" + auto_create_subnetworks = false } - resource "google_compute_subnetwork" "test" { - name = "%s" - ip_cidr_range = "10.2.0.0/16" - region = "us-central1" - network = google_compute_network.test.self_link + name = "%s" + ip_cidr_range = "10.2.0.0/16" + region = "us-central1" + network = google_compute_network.test.self_link } -`, name, kmsKey, network, subnetwork) +`, pid, kmsKey, name, kmsKey, network, subnetwork) } <% end -%> func testAccComposerEnvironment_update(name, network, subnetwork string) string {
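Review bot: The five `google_project_iam_member` bindings in testAccComposerEnvironment_encryptionCfg grant `roles/cloudkms.cryptoKeyEncrypterDecrypter` on the whole project, while this change already passes the key ID into the config for `google_kms_crypto_key_iam_member.iam`. Scoping the other service agents to the same key would follow least privilege and keep the test from widening access to every key in the project: each binding could become a `google_kms_crypto_key_iam_member` with `crypto_key_id = "%s"` fed from `kmsKey`, or an indexed verb such as `%[2]s` so the `fmt.Sprintf` argument list does not grow. Project-level members are also removed on destroy, and the test calls `t.Parallel()`, so another test relying on the same project-wide grant could lose it mid-run; that is an inference from the config, not something the diff shows.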