diff --git a/products/iap/api.yaml b/products/iap/api.yaml
index a392db423aed..1c671c9a2d19 100644
--- a/products/iap/api.yaml
+++ b/products/iap/api.yaml
@@ -135,6 +135,20 @@ objects:
         name: 'name'
         description: Name of the instance.
         required: true
+  # This resource is only used to generate IAM resources. They do not correspond to real
+  # GCP resources, and should not be used to generate anything other than IAM suppport.
+  - !ruby/object:Api::Resource
+    name: 'Tunnel'
+    base_url: 'projects/{{project}}/iap_tunnel'
+    self_link: 'projects/{{project}}/iap_tunnel'
+    exclude_resource: true
+    description: |
+      Only used to generate IAM resources
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'project'
+        description: Project ID.
+        required: true
   - !ruby/object:Api::Resource
     name: 'Brand'
     base_url: 'projects/{{project}}/brands'
diff --git a/products/iap/terraform.yaml b/products/iap/terraform.yaml
index 48d0efa18c7e..04403ca355a7 100644
--- a/products/iap/terraform.yaml
+++ b/products/iap/terraform.yaml
@@ -150,6 +150,24 @@ overrides: !ruby/object:Overrides::ResourceOverrides
         vars:
           instance_name: "tunnel-vm"
         primary_resource_name: "fmt.Sprintf(\"tf-test-tunnel-vm%s\", context[\"random_suffix\"])"
+  Tunnel: !ruby/object:Overrides::Terraform::ResourceOverride
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      exclude: false
+      method_name_separator: ':'
+      fetch_iam_policy_verb: :POST
+      parent_resource_type: 'google_project_service'
+      parent_resource_attribute: 'project'
+      allowed_iam_role: 'roles/iap.tunnelResourceAccessor'
+      iam_conditions_request_type: :REQUEST_BODY
+    id_format: "projects/{{project}}/iap_tunnel"
+    import_format: ["projects/{{project}}/iap_tunnel"]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "iap_project"
+        primary_resource_id: "project_service"
+        primary_resource_name: "fmt.Sprintf(\"tf-test%s\", context[\"random_suffix\"])"
+        test_env_vars:
+          org_id: :ORG_ID
   Brand: !ruby/object:Overrides::Terraform::ResourceOverride
     async: !ruby/object:Provider::Terraform::PollAsync
       check_response_func_existence: PollCheckForExistence