diff --git a/iam_workload_identity_pool_full_federation_only_mode/backing_file.tf b/iam_workload_identity_pool_full_federation_only_mode/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/iam_workload_identity_pool_full_federation_only_mode/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+  name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+  length = 2
+}
+
+provider "google" {
+  region = "us-central1"
+  zone   = "us-central1-c"
+}
diff --git a/iam_workload_identity_pool_full_federation_only_mode/main.tf b/iam_workload_identity_pool_full_federation_only_mode/main.tf
new file mode 100644
index 00000000..bc77cecc
--- /dev/null
+++ b/iam_workload_identity_pool_full_federation_only_mode/main.tf
@@ -0,0 +1,7 @@
+resource "google_iam_workload_identity_pool" "example" {
+  workload_identity_pool_id = "example-pool-${local.name_suffix}"
+  display_name              = "Name of the pool"
+  description               = "Identity pool operates in FEDERATION_ONLY mode"
+  disabled                  = true
+  mode                      = "FEDERATION_ONLY"
+}
diff --git a/iam_workload_identity_pool_full_federation_only_mode/motd b/iam_workload_identity_pool_full_federation_only_mode/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/iam_workload_identity_pool_full_federation_only_mode/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/iam_workload_identity_pool_full_federation_only_mode/tutorial.md b/iam_workload_identity_pool_full_federation_only_mode/tutorial.md
new file mode 100644
index 00000000..9d9d6b52
--- /dev/null
+++ b/iam_workload_identity_pool_full_federation_only_mode/tutorial.md
@@ -0,0 +1,79 @@
+# Iam Workload Identity Pool Full Federation Only Mode - Terraform
+
+## Setup
+
+<walkthrough-author name="rileykarson@google.com" analyticsId="UA-125550242-1" tutorialName="iam_workload_identity_pool_full_federation_only_mode" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author>
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+<walkthrough-project-billing-setup></walkthrough-project-billing-setup>
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/iam_workload_identity_pool_full_trust_domain_mode/backing_file.tf b/iam_workload_identity_pool_full_trust_domain_mode/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/iam_workload_identity_pool_full_trust_domain_mode/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+  name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+  length = 2
+}
+
+provider "google" {
+  region = "us-central1"
+  zone   = "us-central1-c"
+}
diff --git a/iam_workload_identity_pool_full_trust_domain_mode/main.tf b/iam_workload_identity_pool_full_trust_domain_mode/main.tf
new file mode 100644
index 00000000..55d4a4c1
--- /dev/null
+++ b/iam_workload_identity_pool_full_trust_domain_mode/main.tf
@@ -0,0 +1,36 @@
+resource "google_iam_workload_identity_pool" "example" {
+  workload_identity_pool_id = "example-pool-${local.name_suffix}"
+  display_name              = "Name of the pool"
+  description               = "Identity pool operates in TRUST_DOMAIN mode"
+  disabled                  = true
+  mode                      = "TRUST_DOMAIN"
+  inline_certificate_issuance_config {
+    ca_pools = {      
+      "us-central1" : "projects/project-bar/locations/us-central1/caPools/ca-pool-bar"
+      "asia-east2" : "projects/project-foo/locations/asia-east2/caPools/ca-pool-foo"
+    }
+    lifetime                   = "86400s"
+    rotation_window_percentage = 50
+    key_algorithm              = "ECDSA_P256"
+  }
+  inline_trust_config {
+    additional_trust_bundles {
+      trust_domain = "example.com"
+      trust_anchors {
+        pem_certificate = file("test-fixtures/trust_anchor_1.pem")
+      }
+      trust_anchors {
+        pem_certificate = file("test-fixtures/trust_anchor_2.pem")
+      }
+    }
+    additional_trust_bundles {
+      trust_domain = "example.net"
+      trust_anchors {
+        pem_certificate = file("test-fixtures/trust_anchor_3.pem")
+      }
+      trust_anchors {
+        pem_certificate = file("test-fixtures/trust_anchor_4.pem")
+      }
+    }
+  }
+}
diff --git a/iam_workload_identity_pool_full_trust_domain_mode/motd b/iam_workload_identity_pool_full_trust_domain_mode/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/iam_workload_identity_pool_full_trust_domain_mode/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/iam_workload_identity_pool_full_trust_domain_mode/tutorial.md b/iam_workload_identity_pool_full_trust_domain_mode/tutorial.md
new file mode 100644
index 00000000..00f5bb17
--- /dev/null
+++ b/iam_workload_identity_pool_full_trust_domain_mode/tutorial.md
@@ -0,0 +1,79 @@
+# Iam Workload Identity Pool Full Trust Domain Mode - Terraform
+
+## Setup
+
+<walkthrough-author name="rileykarson@google.com" analyticsId="UA-125550242-1" tutorialName="iam_workload_identity_pool_full_trust_domain_mode" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author>
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+<walkthrough-project-billing-setup></walkthrough-project-billing-setup>
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/backing_file.tf b/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+  name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+  length = 2
+}
+
+provider "google" {
+  region = "us-central1"
+  zone   = "us-central1-c"
+}
diff --git a/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/main.tf b/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/main.tf
new file mode 100644
index 00000000..369cdfce
--- /dev/null
+++ b/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/main.tf
@@ -0,0 +1,33 @@
+resource "google_iam_workload_identity_pool" "example" {
+  workload_identity_pool_id = "example-pool-${local.name_suffix}"
+  display_name              = "Name of the pool"
+  description               = "Identity pool operates in TRUST_DOMAIN mode"
+  disabled                  = true
+  mode                      = "TRUST_DOMAIN"
+  inline_certificate_issuance_config {
+    use_default_shared_ca      = true
+    lifetime                   = "86400s"
+    rotation_window_percentage = 50
+    key_algorithm              = "ECDSA_P256"
+  }
+  inline_trust_config {
+    additional_trust_bundles {
+      trust_domain = "example.com"
+      trust_anchors {
+        pem_certificate = file("test-fixtures/trust_anchor_1.pem")
+      }
+      trust_anchors {
+        pem_certificate = file("test-fixtures/trust_anchor_2.pem")
+      }
+    }
+    additional_trust_bundles {
+      trust_domain = "example.net"
+      trust_anchors {
+        pem_certificate = file("test-fixtures/trust_anchor_3.pem")
+      }
+      trust_anchors {
+        pem_certificate = file("test-fixtures/trust_anchor_4.pem")
+      }
+    }
+  }
+}
diff --git a/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/motd b/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/tutorial.md b/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/tutorial.md
new file mode 100644
index 00000000..8dd33faf
--- /dev/null
+++ b/iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca/tutorial.md
@@ -0,0 +1,79 @@
+# Iam Workload Identity Pool Full Trust Domain Mode With Default Shared Ca - Terraform
+
+## Setup
+
+<walkthrough-author name="rileykarson@google.com" analyticsId="UA-125550242-1" tutorialName="iam_workload_identity_pool_full_trust_domain_mode_with_default_shared_ca" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author>
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+<walkthrough-project-billing-setup></walkthrough-project-billing-setup>
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```