diff --git a/mmv1/products/compute/RegionBackendService.yaml b/mmv1/products/compute/RegionBackendService.yaml
index e89d609a731b..453a9af3dd75 100644
--- a/mmv1/products/compute/RegionBackendService.yaml
+++ b/mmv1/products/compute/RegionBackendService.yaml
@@ -52,6 +52,13 @@ examples:
     vars:
       region_backend_service_name: 'region-service'
       health_check_name: 'rbs-health-check'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'region_backend_service_external_iap'
+    primary_resource_id: 'default'
+    vars:
+      region_backend_service_name: 'tf-test-region-service-external'
+    ignore_read_extra:
+      - 'iap.0.oauth2_client_secret'
   - !ruby/object:Provider::Terraform::Examples
     name: 'region_backend_service_cache'
     primary_resource_id: 'default'
@@ -740,7 +747,6 @@ properties:
   - !ruby/object:Api::Type::NestedObject
     name: 'iap'
     description: Settings for enabling Cloud Identity Aware Proxy
-    send_empty_value: true
     properties:
       - !ruby/object:Api::Type::String
         name: 'oauth2ClientId'
diff --git a/mmv1/templates/terraform/encoders/region_backend_service.go.erb b/mmv1/templates/terraform/encoders/region_backend_service.go.erb
index fe1e25657a1f..c5a0bfcd87e8 100644
--- a/mmv1/templates/terraform/encoders/region_backend_service.go.erb
+++ b/mmv1/templates/terraform/encoders/region_backend_service.go.erb
@@ -20,13 +20,7 @@
 // present in config.
 
 iapVal := obj["iap"]
-if iapVal == nil {
-	data := map[string]interface{}{}
-	data["enabled"] = false
-	data["oauth2ClientId"] = ""
-	data["oauth2ClientSecret"] = ""
-	obj["iap"] = data
-} else {
+if iapVal != nil {
 	iap := iapVal.(map[string]interface{})
 	iap["enabled"] = true
 	obj["iap"] = iap
diff --git a/mmv1/templates/terraform/examples/region_backend_service_external_iap.tf.erb b/mmv1/templates/terraform/examples/region_backend_service_external_iap.tf.erb
new file mode 100644
index 000000000000..ec9ca33f00b0
--- /dev/null
+++ b/mmv1/templates/terraform/examples/region_backend_service_external_iap.tf.erb
@@ -0,0 +1,10 @@
+resource "google_compute_region_backend_service" "<%= ctx[:primary_resource_id] %>" {
+  name                  = "<%= ctx[:vars]['region_backend_service_name'] %>"
+  region                = "us-central1"
+  protocol              = "HTTP"
+  load_balancing_scheme = "EXTERNAL"
+  iap {
+    oauth2_client_id     = "abc"
+    oauth2_client_secret = "xyz"
+  }
+}