diff --git a/modules/cloud-run-v2/service.tf b/modules/cloud-run-v2/service.tf
index b93f2efe3..ac175f7a1 100644
--- a/modules/cloud-run-v2/service.tf
+++ b/modules/cloud-run-v2/service.tf
@@ -527,9 +527,9 @@ resource "google_cloud_run_v2_service_iam_binding" "binding" {
 
 locals {
 
-  iap_member_list = toset(coalesce(var.iap_config.iam_additive, []))
+  iap_member_list = toset(try(coalesce(var.iap_config.iam_additive, []), []))
 
-  use_iap_iam_binding = var.iap_config != null && var.iap_config.iam != null
+  use_iap_iam_binding = var.iap_config != null && try(var.iap_config.iam,null) != null
   iap_binding_dict    = local.use_iap_iam_binding ? { "iap" = var.iap_config.iam } : {}
 
 }
diff --git a/modules/cloud-run-v2/variables.tf b/modules/cloud-run-v2/variables.tf
index 8f507c54c..dfbe9531d 100644
--- a/modules/cloud-run-v2/variables.tf
+++ b/modules/cloud-run-v2/variables.tf
@@ -140,16 +140,16 @@ variable "iap_config" {
 
   validation {
     condition = var.iap_config == null || (
-      (var.iap_config.iam != null && var.iap_config.iam_additive == null) ||
-      (var.iap_config.iam == null && var.iap_config.iam_additive != null)
+      (try(var.iap_config.iam,null) != null && try(var.iap_config.iam_additive,null) == null) ||
+      (try(var.iap_config.iam,null) == null && try(var.iap_config.iam_additive,null) != null)
     )
     error_message = "When iap_config is provided, exactly one of 'iam' or 'iam_additive' must be specified."
   }
 
   validation {
     condition = var.iap_config == null || (
-      (var.iap_config.iam != null ? length(var.iap_config.iam) > 0 : true) &&
-      (var.iap_config.iam_additive != null ? length(var.iap_config.iam_additive) > 0 : true)
+      (try(var.iap_config.iam,null) != null ? length(var.iap_config.iam) > 0 : true) &&
+      (try(var.iap_config.iam_additive,null) != null ? length(var.iap_config.iam_additive) > 0 : true)
     )
     error_message = "When 'iam' or 'iam_additive' lists are provided in iap_config, they must not be empty."
   }