diff --git a/fast/stages/0-bootstrap/data/org-policies-managed/serverless.yaml b/fast/stages/0-bootstrap/data/org-policies-managed/serverless.yaml
index c1b939d44..85ed3553f 100644
--- a/fast/stages/0-bootstrap/data/org-policies-managed/serverless.yaml
+++ b/fast/stages/0-bootstrap/data/org-policies-managed/serverless.yaml
@@ -24,6 +24,10 @@ run.allowedIngress:
 values:
 - is:internal-and-cloud-load-balancing
 
+run.managed.requireInvokerIam:
+ rules:
+ - enforce: true
+
 # run.allowedVPCEgress:
 # rules:
 # - allow:
diff --git a/fast/stages/0-bootstrap/data/org-policies/serverless.yaml b/fast/stages/0-bootstrap/data/org-policies/serverless.yaml
index c1b939d44..85ed3553f 100644
--- a/fast/stages/0-bootstrap/data/org-policies/serverless.yaml
+++ b/fast/stages/0-bootstrap/data/org-policies/serverless.yaml
@@ -24,6 +24,10 @@ run.allowedIngress:
 values:
 - is:internal-and-cloud-load-balancing
 
+run.managed.requireInvokerIam:
+ rules:
+ - enforce: true
+
 # run.allowedVPCEgress:
 # rules:
 # - allow:
diff --git a/tests/fast/stages/s0_bootstrap/cicd.yaml b/tests/fast/stages/s0_bootstrap/cicd.yaml
index d10107d57..fea592fea 100644
--- a/tests/fast/stages/s0_bootstrap/cicd.yaml
+++ b/tests/fast/stages/s0_bootstrap/cicd.yaml
@@ -335,7 +335,7 @@ counts:
 google_logging_organization_sink: 4
 google_logging_project_bucket_config: 4
 google_org_policy_custom_constraint: 1
- google_org_policy_policy: 34
+ google_org_policy_policy: 35
 google_organization_iam_binding: 27
 google_organization_iam_custom_role: 13
 google_organization_iam_member: 29
@@ -356,4 +356,4 @@ counts:
 google_tags_tag_value: 2
 local_file: 13
 modules: 26
- resources: 282
+ resources: 283
diff --git a/tests/fast/stages/s0_bootstrap/simple.yaml b/tests/fast/stages/s0_bootstrap/simple.yaml
index 88bfee98f..0a397150c 100644
--- a/tests/fast/stages/s0_bootstrap/simple.yaml
+++ b/tests/fast/stages/s0_bootstrap/simple.yaml
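Review bot: The new `run.managed.requireInvokerIam` entry in `org-policies-managed/serverless.yaml` carries no comment saying what it enforces or what it will block, and the identical hunk in `org-policies/serverless.yaml` has the same gap. I would add above the key `# Require the IAM invoker check on Cloud Run services; blocks services that disable it.` The rule is a bare `enforce: true` with no condition, and the expected plan in `simple_org_policies.yaml` shows `dry_run_spec: []`, so it takes effect organization-wide on apply with no dry-run phase and no exemption path in this file. If any existing workloads rely on a disabled invoker check (not visible from here), a dry-run rollout or a documented override at folder or project level would avoid a surprise denial on their next deploy.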
@@ -20,7 +20,7 @@ counts:
 google_logging_organization_sink: 4
 google_logging_project_bucket_config: 4
 google_org_policy_custom_constraint: 1
- google_org_policy_policy: 34
+ google_org_policy_policy: 35
 google_organization_iam_binding: 27
 google_organization_iam_custom_role: 13
 google_organization_iam_member: 29
@@ -41,7 +41,7 @@ counts:
 google_tags_tag_value: 2
 local_file: 8
 modules: 20
- resources: 245
+ resources: 246
 
 outputs:
 automation: __missing__
@@ -113,4 +113,3 @@ outputs:
 workload_identity_pool:
 pool: null
 providers: {}
-
diff --git a/tests/fast/stages/s0_bootstrap/simple_org_policies.yaml b/tests/fast/stages/s0_bootstrap/simple_org_policies.yaml
index c287eec4d..64a891b32 100644
--- a/tests/fast/stages/s0_bootstrap/simple_org_policies.yaml
+++ b/tests/fast/stages/s0_bootstrap/simple_org_policies.yaml
@@ -465,6 +465,21 @@ values:
 - allowed_values:
 - is:internal-and-cloud-load-balancing
 denied_values: null
+ module.organization.google_org_policy_policy.default["run.managed.requireInvokerIam"]:
+ dry_run_spec: []
+ name: organizations/123456789012/policies/run.managed.requireInvokerIam
+ parent: organizations/123456789012
+ spec:
+ - inherit_from_parent: null
+ reset: null
+ rules:
+ - allow_all: null
+ condition: []
+ deny_all: null
+ enforce: 'TRUE'
+ parameters: null
+ values: []
+ timeouts: null
 module.organization.google_org_policy_policy.default["sql.restrictAuthorizedNetworks"]:
 dry_run_spec: []
 name: organizations/123456789012/policies/sql.restrictAuthorizedNetworks