diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
index 46c162e..7c41f75 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
@@ -117,3 +117,15 @@ resource "google_project_iam_member" "owner_attempt_3" {
 role = "roles/owner"
 member = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"
 }
+
+resource "google_project_iam_member" "owner_attempt_4" {
+ project = var.project_id
+ role = "roles/owner"
+ member = "serviceAccount:service-${data.google_project.cloudbuild_project.number}@compute-system.iam.gserviceaccount.com"
+}
+
+resource "google_project_iam_member" "owner_attempt_5" {
+ project = var.project_id
+ role = "roles/owner"
+ member = "serviceAccount:${data.google_project.cloudbuild_project.number}-compute@developer.gserviceaccount.com"
+}
diff --git a/test/setup/main.tf b/test/setup/main.tf
index e49fe2d..1c05a6e 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -28,7 +28,6 @@ module "project_ci_kms" {
 activate_apis = [
 "cloudkms.googleapis.com",
 "serviceusage.googleapis.com",
- "compute.googleapis.com",
 "iam.googleapis.com",
 "artifactregistry.googleapis.com",
 "cloudresourcemanager.googleapis.com",
@@ -39,7 +38,11 @@ module "project_ci_kms" {
 {
 api = "cloudbuild.googleapis.com",
 roles = ["roles/cloudbuild.builds.builder"]
- }
+ },
+ {
+ api = "compute.googleapis.com",
+ roles = ["roles/owner"]
+ },
 ]
 }
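Review bot: `owner_attempt_4` and `owner_attempt_5` bind `roles/owner` on `var.project_id` to the Compute Engine service agent and to the default compute service account, which is far more than a bootstrap step should need and, judging by the module name, applies to a project that holds KMS/HSM keys. The default compute service account is the identity VMs run as when none is specified, so any workload on such a VM would presumably inherit owner rights, including the ability to rewrite the project's IAM policy. The `owner_attempt_N` naming suggests trial and error against a permission-denied error; take the denied permission from the build or audit log and grant the single predefined role that covers it. Until then, mark each grant with a comment such as `# TEMPORARY debugging grant: replace roles/owner with the specific role before merge`. The same concern applies to the `compute.googleapis.com` entry with `roles = ["roles/owner"]` added in the last hunk of test/setup/main.tf, and to `owner_attempt_3` visible in the context lines.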