diff --git a/modules/iam-service-account/README.md b/modules/iam-service-account/README.md
index 69c06154d..cbe15b11e 100644
--- a/modules/iam-service-account/README.md
+++ b/modules/iam-service-account/README.md
@@ -24,8 +24,6 @@ module "myproject-default-service-accounts" {
}
# tftest:modules=1:resources=5
```
-
-
## Variables
@@ -38,9 +36,9 @@ module "myproject-default-service-accounts" {
| display_name | Display name of the service account to create. | string | | "Terraform-managed." |
| generate_key | Generate a key for service account. | bool | | false |
| iam | IAM bindings on the service account in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
-| iam_billing_roles | Project roles granted to the service account, by billing account id. | map(list(string)) | | {} |
-| iam_folder_roles | Project roles granted to the service account, by folder id. | map(list(string)) | | {} |
-| iam_organization_roles | Project roles granted to the service account, by organization id. | map(list(string)) | | {} |
+| iam_billing_roles | Billing account roles granted to the service account, by billing account id. Non-authoritative. | map(list(string)) | | {} |
+| iam_folder_roles | Folder roles granted to the service account, by folder id. Non-authoritative. | map(list(string)) | | {} |
+| iam_organization_roles | Organization roles granted to the service account, by organization id. Non-authoritative. | map(list(string)) | | {} |
| iam_project_roles | Project roles granted to the service account, by project id. | map(list(string)) | | {} |
| iam_storage_roles | Storage roles granted to the service account, by bucket name. | map(list(string)) | | {} |
| prefix | Prefix applied to service account names. | string | | null |
@@ -58,4 +56,3 @@ module "myproject-default-service-accounts" {
| service_account_credentials | Service account json credential templates for uploaded public keys data. | |
-
diff --git a/modules/iam-service-account/variables.tf b/modules/iam-service-account/variables.tf
index f906baa61..45cb84970 100644
--- a/modules/iam-service-account/variables.tf
+++ b/modules/iam-service-account/variables.tf
@@ -39,19 +39,19 @@ variable "iam" {
}
variable "iam_billing_roles" {
- description = "Project roles granted to the service account, by billing account id."
+ description = "Billing account roles granted to the service account, by billing account id. Non-authoritative."
type = map(list(string))
default = {}
}
variable "iam_folder_roles" {
- description = "Project roles granted to the service account, by folder id."
+ description = "Folder roles granted to the service account, by folder id. Non-authoritative."
type = map(list(string))
default = {}
}
variable "iam_organization_roles" {
- description = "Project roles granted to the service account, by organization id."
+ description = "Organization roles granted to the service account, by organization id. Non-authoritative."
type = map(list(string))
default = {}
}