diff --git a/modules/apigee/recipe-apigee-swp/README.md b/modules/apigee/recipe-apigee-swp/README.md
index c246e5df9..121d54532 100644
--- a/modules/apigee/recipe-apigee-swp/README.md
+++ b/modules/apigee/recipe-apigee-swp/README.md
@@ -54,4 +54,4 @@ module "recipe_apigee_swp" {
     subnet_proxy_only_ip_cidr_range = "10.16.2.0/24"
   }
 }
-# tftest modules=10 resources=44
+# tftest modules=10 resources=43
diff --git a/modules/project/service-agents.yaml b/modules/project/service-agents.yaml
index 1d2fea21e..805bace5e 100644
--- a/modules/project/service-agents.yaml
+++ b/modules/project/service-agents.yaml
@@ -1163,13 +1163,6 @@
   role: null
   is_primary: true
   aliases: []
-- name: ns-authz
-  display_name: Google Cloud Network Security Authz Service Account
-  api: networksecurity.googleapis.com
-  identity: service-${project_number}@gcp-sa-ns-authz.${universe_domain}iam.gserviceaccount.com
-  role: roles/networksecurity.authzServiceAgent
-  is_primary: false
-  aliases: []
 - name: osconfig-rollout
   display_name: Google Cloud OS Config Rollout Service Agent
   api: osconfig.googleapis.com
diff --git a/tests/fast/stages/s0_org_setup/not-simple.yaml b/tests/fast/stages/s0_org_setup/not-simple.yaml
index a9cb350cc..0c18590c3 100644
--- a/tests/fast/stages/s0_org_setup/not-simple.yaml
+++ b/tests/fast/stages/s0_org_setup/not-simple.yaml
@@ -2781,7 +2781,7 @@ counts:
   google_organization_iam_custom_role: 9
   google_project: 3
   google_project_iam_binding: 16
-  google_project_iam_member: 18
+  google_project_iam_member: 17
   google_project_service: 33
   google_project_service_identity: 9
   google_service_account: 16
@@ -2798,5 +2798,5 @@ counts:
   google_tags_tag_value_iam_binding: 4
   local_file: 9
   modules: 46
-  resources: 314
+  resources: 313
   terraform_data: 2
diff --git a/tests/fast/stages/s2_networking_a_simple/ncc.yaml b/tests/fast/stages/s2_networking_a_simple/ncc.yaml
index 59af96b43..dc5743c23 100644
--- a/tests/fast/stages/s2_networking_a_simple/ncc.yaml
+++ b/tests/fast/stages/s2_networking_a_simple/ncc.yaml
@@ -36,10 +36,10 @@ counts:
   google_network_connectivity_spoke: 2
   google_project: 3
   google_project_iam_binding: 2
-  google_project_iam_member: 24
+  google_project_iam_member: 22
   google_project_service: 28
   google_project_service_identity: 22
   google_storage_bucket_object: 2
   google_tags_tag_binding: 3
   modules: 23
-  resources: 191
+  resources: 189
diff --git a/tests/fast/stages/s2_networking_a_simple/simple.yaml b/tests/fast/stages/s2_networking_a_simple/simple.yaml
index 3f3b4c8ce..f5dfc8376 100644
--- a/tests/fast/stages/s2_networking_a_simple/simple.yaml
+++ b/tests/fast/stages/s2_networking_a_simple/simple.yaml
@@ -40,11 +40,11 @@ counts:
   google_monitoring_monitored_project: 2
   google_project: 3
   google_project_iam_binding: 2
-  google_project_iam_member: 24
+  google_project_iam_member: 22
   google_project_service: 28
   google_project_service_identity: 22
   google_storage_bucket_object: 2
   google_tags_tag_binding: 3
   modules: 28
   random_id: 3
-  resources: 208
+  resources: 206
diff --git a/tests/fast/stages/s2_networking_a_simple/vpn.yaml b/tests/fast/stages/s2_networking_a_simple/vpn.yaml
index 4b711fb60..a11f780da 100644
--- a/tests/fast/stages/s2_networking_a_simple/vpn.yaml
+++ b/tests/fast/stages/s2_networking_a_simple/vpn.yaml
@@ -38,11 +38,11 @@ counts:
   google_monitoring_monitored_project: 2
   google_project: 3
   google_project_iam_binding: 2
-  google_project_iam_member: 24
+  google_project_iam_member: 22
   google_project_service: 28
   google_project_service_identity: 22
   google_storage_bucket_object: 2
   google_tags_tag_binding: 3
   modules: 30
   random_id: 17
-  resources: 255
+  resources: 253
diff --git a/tests/fast/stages/s2_networking_b_nva/ncc-ra.yaml b/tests/fast/stages/s2_networking_b_nva/ncc-ra.yaml
index 28c84e930..2285b831d 100644
--- a/tests/fast/stages/s2_networking_b_nva/ncc-ra.yaml
+++ b/tests/fast/stages/s2_networking_b_nva/ncc-ra.yaml
@@ -43,11 +43,11 @@ counts:
   google_network_connectivity_spoke: 4
   google_project: 3
   google_project_iam_binding: 2
-  google_project_iam_member: 24
+  google_project_iam_member: 22
   google_project_service: 28
   google_project_service_identity: 22
   google_storage_bucket_object: 2
   google_tags_tag_binding: 3
   modules: 38
   random_id: 6
-  resources: 275
+  resources: 273
diff --git a/tests/fast/stages/s2_networking_b_nva/regional.yaml b/tests/fast/stages/s2_networking_b_nva/regional.yaml
index 5e08d85a3..ddfa0efa5 100644
--- a/tests/fast/stages/s2_networking_b_nva/regional.yaml
+++ b/tests/fast/stages/s2_networking_b_nva/regional.yaml
@@ -45,11 +45,11 @@ counts:
   google_monitoring_monitored_project: 2
   google_project: 3
   google_project_iam_binding: 2
-  google_project_iam_member: 24
+  google_project_iam_member: 22
   google_project_service: 28
   google_project_service_identity: 22
   google_storage_bucket_object: 2
   google_tags_tag_binding: 3
   modules: 46
   random_id: 6
-  resources: 285
+  resources: 283
diff --git a/tests/fast/stages/s2_networking_b_nva/simple.yaml b/tests/fast/stages/s2_networking_b_nva/simple.yaml
index 777d7c8ac..a924b690e 100644
--- a/tests/fast/stages/s2_networking_b_nva/simple.yaml
+++ b/tests/fast/stages/s2_networking_b_nva/simple.yaml
@@ -45,11 +45,11 @@ counts:
   google_monitoring_monitored_project: 2
   google_project: 3
   google_project_iam_binding: 2
-  google_project_iam_member: 24
+  google_project_iam_member: 22
   google_project_service: 28
   google_project_service_identity: 22
   google_storage_bucket_object: 2
   google_tags_tag_binding: 3
   modules: 42
   random_id: 6
-  resources: 261
+  resources: 259
diff --git a/tests/fast/stages/s2_networking_c_separate_envs/simple.yaml b/tests/fast/stages/s2_networking_c_separate_envs/simple.yaml
index 89a29d649..44879471c 100644
--- a/tests/fast/stages/s2_networking_c_separate_envs/simple.yaml
+++ b/tests/fast/stages/s2_networking_c_separate_envs/simple.yaml
@@ -38,11 +38,11 @@ counts:
   google_monitoring_dashboard: 6
   google_project: 2
   google_project_iam_binding: 2
-  google_project_iam_member: 20
+  google_project_iam_member: 18
   google_project_service: 22
   google_project_service_identity: 18
   google_storage_bucket_object: 2
   google_tags_tag_binding: 2
   modules: 23
   random_id: 6
-  resources: 233
+  resources: 231
diff --git a/tests/modules/net_vpc_factory/ncc.yaml b/tests/modules/net_vpc_factory/ncc.yaml
index 4b45eb9e2..f77f0909a 100644
--- a/tests/modules/net_vpc_factory/ncc.yaml
+++ b/tests/modules/net_vpc_factory/ncc.yaml
@@ -32,9 +32,9 @@ counts:
   google_network_connectivity_hub: 1
   google_network_connectivity_spoke: 3
   google_project: 3
-  google_project_iam_member: 24
+  google_project_iam_member: 21
   google_project_service: 27
   google_project_service_identity: 21
   modules: 17
   random_id: 3
-  resources: 139
+  resources: 136
diff --git a/tests/modules/net_vpc_factory/only_projects.yaml b/tests/modules/net_vpc_factory/only_projects.yaml
index bbe208a05..0c12c5ee8 100644
--- a/tests/modules/net_vpc_factory/only_projects.yaml
+++ b/tests/modules/net_vpc_factory/only_projects.yaml
@@ -14,8 +14,8 @@
 
 counts:
   google_project: 3
-  google_project_iam_member: 24
+  google_project_iam_member: 21
   google_project_service: 27
   google_project_service_identity: 21
   modules: 3
-  resources: 75
+  resources: 72
diff --git a/tests/modules/net_vpc_factory/peering.yaml b/tests/modules/net_vpc_factory/peering.yaml
index cd34a4f83..275950f99 100644
--- a/tests/modules/net_vpc_factory/peering.yaml
+++ b/tests/modules/net_vpc_factory/peering.yaml
@@ -30,9 +30,9 @@ counts:
   google_dns_policy: 4
   google_dns_record_set: 1
   google_project: 3
-  google_project_iam_member: 24
+  google_project_iam_member: 21
   google_project_service: 27
   google_project_service_identity: 21
   modules: 18
   random_id: 3
-  resources: 142
+  resources: 139
diff --git a/tests/modules/net_vpc_factory/separate_envs.yaml b/tests/modules/net_vpc_factory/separate_envs.yaml
index 221d45505..90792884e 100644
--- a/tests/modules/net_vpc_factory/separate_envs.yaml
+++ b/tests/modules/net_vpc_factory/separate_envs.yaml
@@ -27,9 +27,9 @@ counts:
   google_compute_vpn_tunnel: 2
   google_dns_policy: 2
   google_project: 3
-  google_project_iam_member: 24
+  google_project_iam_member: 21
   google_project_service: 27
   google_project_service_identity: 21
   modules: 11
   random_id: 4
-  resources: 117
+  resources: 114
diff --git a/tests/modules/net_vpc_factory/vpn.yaml b/tests/modules/net_vpc_factory/vpn.yaml
index c8d8b574e..712055636 100644
--- a/tests/modules/net_vpc_factory/vpn.yaml
+++ b/tests/modules/net_vpc_factory/vpn.yaml
@@ -29,9 +29,9 @@ counts:
   google_dns_policy: 4
   google_dns_record_set: 1
   google_project: 3
-  google_project_iam_member: 24
+  google_project_iam_member: 21
   google_project_service: 27
   google_project_service_identity: 21
   modules: 22
   random_id: 15
-  resources: 178
+  resources: 175
diff --git a/tools/build_service_agents.py b/tools/build_service_agents.py
index eddab41f6..cd84fd985 100755
--- a/tools/build_service_agents.py
+++ b/tools/build_service_agents.py
@@ -54,8 +54,8 @@ ALIASES = {
 }
 
 IGNORED_AGENTS = [
-    # Alloydb has two agents. Ignore the non-primary one
-    'c-PROJECT_NUMBER-IDENTIFIER@gcp-sa-alloydb.iam.gserviceaccount.com'
+    # gcp-sa-ns-authz agent gets created on first create op
+    'service-PROJECT_NUMBER@gcp-sa-ns-authz.iam.gserviceaccount.com'
 ]
 
 AGENT_NAME_OVERRIDE = {