diff --git a/modules/endpoints/README.md b/modules/endpoints/README.md
index adb98de55..6706c9441 100644
--- a/modules/endpoints/README.md
+++ b/modules/endpoints/README.md
@@ -1,6 +1,6 @@
 # Google Cloud Endpoints
 
-This module allows simple management of ['Google Cloud Endpoints'](https://cloud.google.com/endpoints/) services. It supports creating ['OpenAPI'](https://cloud.google.com/endpoints/docs/openapi) or ['gRPC'](https://cloud.google.com/endpoints/docs/grpc/about-grpc) endpoints. 
+This module allows simple management of ['Google Cloud Endpoints'](https://cloud.google.com/endpoints/) services. It supports creating ['OpenAPI'](https://cloud.google.com/endpoints/docs/openapi) or ['gRPC'](https://cloud.google.com/endpoints/docs/grpc/about-grpc) endpoints.
 
 ## Examples
 
@@ -12,24 +12,23 @@ module "endpoint" {
   project_id     = "my-project"
   service_name   = "YOUR-API.endpoints.YOUR-PROJECT-ID.cloud.goog"
   openapi_config = { "yaml_path" = "openapi.yaml" }
-  grpc_config    = null
-  iam_members    = {
-    "servicemanagement.serviceController" = ["serviceAccount:PROJECT_NUMBER-compute@developer.gserviceaccount.com"]
+  iam    = {
+    "servicemanagement.serviceController" = ["serviceAccount:123456890-compute@developer.gserviceaccount.com"]
   }
 }
 ```
 
-[Here](https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/endpoints/getting-started/openapi.yaml) you can find an example of an openapi.yaml file. Once created the endpoint, remember to activate the service at project level. 
+[Here](https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/endpoints/getting-started/openapi.yaml) you can find an example of an openapi.yaml file. Once created the endpoint, remember to activate the service at project level.
 
 <!-- BEGIN TFDOC -->
 ## Variables
 
 | name | description | type | required | default |
 |---|---|:---: |:---:|:---:|
-| grpc_config | The configuration for a gRPC enpoint. Either this or openapi_config must be specified. | <code title="object&#40;&#123;&#10;yaml_path          &#61; string&#10;protoc_output_path &#61; string&#10;&#125;&#41;">object({...})</code> | ✓ |  |
 | openapi_config | The configuration for an OpenAPI endopoint. Either this or grpc_config must be specified. | <code title="object&#40;&#123;&#10;yaml_path &#61; string&#10;&#125;&#41;">object({...})</code> | ✓ |  |
 | service_name | The name of the service. Usually of the form '$apiname.endpoints.$projectid.cloud.goog'. | <code title="">string</code> | ✓ |  |
-| *iam_members* | Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved. | <code title="map&#40;set&#40;string&#41;&#41;">map(set(string))</code> |  | <code title="">{}</code> |
+| *grpc_config* | The configuration for a gRPC enpoint. Either this or openapi_config must be specified. | <code title="object&#40;&#123;&#10;yaml_path          &#61; string&#10;protoc_output_path &#61; string&#10;&#125;&#41;">object({...})</code> |  | <code title="">null</code> |
+| *iam* | IAM bindings for topic in {ROLE => [MEMBERS]} format. | <code title="map&#40;list&#40;string&#41;&#41;">map(list(string))</code> |  | <code title="">{}</code> |
 | *project_id* | The project ID that the service belongs to. | <code title="">string</code> |  | <code title="">null</code> |
 
 ## Outputs
diff --git a/modules/endpoints/main.tf b/modules/endpoints/main.tf
index 872b7107a..782e61ff2 100644
--- a/modules/endpoints/main.tf
+++ b/modules/endpoints/main.tf
@@ -23,7 +23,7 @@ resource "google_endpoints_service" "default" {
 }
 
 resource "google_endpoints_service_iam_binding" "default" {
-  for_each     = var.iam_members
+  for_each     = var.iam
   service_name = google_endpoints_service.default.service_name
   role         = each.key
   members      = each.value
diff --git a/modules/endpoints/variables.tf b/modules/endpoints/variables.tf
index acf23401c..1d9286f7b 100644
--- a/modules/endpoints/variables.tf
+++ b/modules/endpoints/variables.tf
@@ -20,12 +20,13 @@ variable "grpc_config" {
     yaml_path          = string
     protoc_output_path = string
   })
+  default = null
 }
 
 
-variable "iam_members" {
-  description = "Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved."
-  type        = map(set(string))
+variable "iam" {
+  description = "IAM bindings for topic in {ROLE => [MEMBERS]} format."
+  type        = map(list(string))
   default     = {}
 }
 
diff --git a/tests/modules/endpoints/__init__.py b/tests/modules/endpoints/__init__.py
new file mode 100644
index 000000000..6913f02e3
--- /dev/null
+++ b/tests/modules/endpoints/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/modules/endpoints/fixture/main.tf b/tests/modules/endpoints/fixture/main.tf
new file mode 100644
index 000000000..375fc7bdc
--- /dev/null
+++ b/tests/modules/endpoints/fixture/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+  source         = "../../../../modules/endpoints"
+  project_id     = "my-project"
+  service_name   = var.service_name
+  openapi_config = { "yaml_path" = "openapi.yaml" }
+  iam = {
+    "roles/servicemanagement.serviceController" = ["user:me@example.com"]
+  }
+}
diff --git a/tests/modules/endpoints/fixture/openapi.yaml b/tests/modules/endpoints/fixture/openapi.yaml
new file mode 100644
index 000000000..6913f02e3
--- /dev/null
+++ b/tests/modules/endpoints/fixture/openapi.yaml
@@ -0,0 +1,13 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/modules/endpoints/fixture/variables.tf b/tests/modules/endpoints/fixture/variables.tf
new file mode 100644
index 000000000..40ffe31ae
--- /dev/null
+++ b/tests/modules/endpoints/fixture/variables.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "service_name" {
+  type    = string
+  default = "foo.endpoints.test.cloud.goog"
+}
diff --git a/tests/modules/endpoints/test_plan.py b/tests/modules/endpoints/test_plan.py
new file mode 100644
index 000000000..84bcda7b4
--- /dev/null
+++ b/tests/modules/endpoints/test_plan.py
@@ -0,0 +1,39 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import os
+import pytest
+
+
+FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
+
+
+@pytest.fixture
+def resources(plan_runner):
+  _, resources = plan_runner(FIXTURES_DIR)
+  return resources
+
+
+def test_resource_count(resources):
+  "Test number of resources created."
+  assert len(resources) == 2
+
+
+def test_iam(resources):
+  "Test IAM binding resources."
+  bindings = [r['values'] for r in resources if r['type']
+              == 'google_endpoints_service_iam_binding']
+  assert len(bindings) == 1
+  assert bindings[0]['role'] == 'roles/servicemanagement.serviceController'