diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index 61586fb6..2f042bac 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
@@ -128,7 +128,7 @@ resource "google_compute_shared_vpc_service_project" "shared_vpc_attachment" { Default compute service account retrieval *****************************************/ data "google_compute_default_service_account" "default" { - project = "${google_project.main.id}" + project = "${google_project.main.project_id}" depends_on = ["google_project_service.project_services"] }
diff --git a/test/fixtures/full/main.tf b/test/fixtures/full/main.tf
index 6400cf99..79a211b4 100644
--- a/test/fixtures/full/main.tf
+++ b/test/fixtures/full/main.tf
@@ -50,7 +50,8 @@ module "vpc" { source = "terraform-google-modules/network/google" version = "~> 0.4.0" network_name = "pf-test-int-full-${random_string.suffix.result}" - project_id = "${var.shared_vpc}" + + project_id = "${var.shared_vpc}" # The provided project must already be a Shared VPC host shared_vpc_host = "false"
@@ -89,11 +90,12 @@ module "project-factory" { group_role = "${var.group_role}" group_name = "${var.group_name}" shared_vpc = "${var.shared_vpc}" - shared_vpc_subnets = "${local.shared_vpc_subnets}" - sa_role = "${var.sa_role}" - sa_group = "${var.sa_group}" - credentials_path = "${var.credentials_path}" - lien = "true" + + shared_vpc_subnets = "${local.shared_vpc_subnets}" + sa_role = "${var.sa_role}" + sa_group = "${var.sa_group}" + credentials_path = "${var.credentials_path}" + lien = "true" activate_apis = [ "compute.googleapis.com",
diff --git a/test/integration/full/controls/gsuite.rb b/test/integration/full/controls/gsuite.rb
index d8c53757..bfe0e699 100644
--- a/test/integration/full/controls/gsuite.rb
+++ b/test/integration/full/controls/gsuite.rb
@@ -18,6 +18,7 @@ project_id = attribute('project_id') service_account_email = attribute('service_account_email') credentials_path = attribute('credentials_path') +gsuite_admin_account = attribute('gsuite_admin_account') ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = File.absolute_path( credentials_path,
@@ -74,4 +75,9 @@
       )
     end
   end
+
+  describe command("./test/scripts/gsuite/gsuite_groups.py --sa-json-credentials=#{credentials_path} --group-email #{group_email} --impersonate-user #{gsuite_admin_account}") do
+    its('exit_status') { should eq 0 }
+    its('stderr') { should eq '' }
+  end
 end
diff --git a/test/scripts/gsuite/gsuite_groups.py b/test/scripts/gsuite/gsuite_groups.py
new file mode 100755
index 00000000..05bf2181
--- /dev/null
+++ b/test/scripts/gsuite/gsuite_groups.py
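Review bot: The new `describe command(...)` interpolates `credentials_path`, `group_email` and `gsuite_admin_account` into a shell command string without quoting, so an attribute value containing a space or a shell metacharacter changes the command that runs instead of being passed as a single argument; wrap each value, e.g. `--group-email #{Shellwords.escape(group_email)}`, with `require 'shellwords'` at the top of the control. The `its('stderr') { should eq '' }` expectation is brittle: googleapiclient's `build()` is known to log a `file_cache` warning to stderr when called without `cache_discovery=False`, which would fail this control even though the group lookup itself succeeded, so either pass that flag in the script or assert only on the exit status. The enclosing `control` block begins outside this hunk.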
@@ -0,0 +1,63 @@
+#! /usr/bin/env python3
+
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+from googleapiclient.errors import HttpError
+from googleapiclient.discovery import build
+from google.oauth2 import service_account
+
+SCOPES = ['https://www.googleapis.com/auth/admin.directory.group']
+
+
+def authenticate(impersonated_user, sa_json_file_path, scopes):
+    print('Getting delegated credentials for %s' % impersonated_user)
+
+    return service_account.Credentials.from_service_account_file(
+        sa_json_file_path,
+        scopes=scopes,
+        subject=impersonated_user
+    )
+
+
+
+def group_exists(service, group_email):
+    try:
+        return service.groups().get(groupKey=group_email).execute()
+    except HttpError as e:
+        if e.resp.status == 404:
+            print('Group %s does not exist' % group_email)
+            exit(1)
+        else:
+            print('Error fetching groups %s %s' % e.content, e.error_details)
+            exit(2)
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description='Test if the specified G Suite exists')
+    parser.add_argument('--sa-json-credentials', dest='sa_json_credentials')
+    parser.add_argument('--group-email', dest='group_email')
+    parser.add_argument('--impersonate-user', dest='impersonate_user')
+    args = parser.parse_args()
+
+    service = build("admin",
+                    "directory_v1",
+                    credentials=authenticate(
+                        args.impersonate_user,
+                        args.sa_json_credentials,
+                        SCOPES)
+                    )
+    group_exists(service, args.group_email)
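Review bot: The non-404 branch of `group_exists` never prints its message: in `'Error fetching groups %s %s' % e.content, e.error_details` the `%` binds to `e.content` alone, so the format raises TypeError before `exit(2)` is reached and an API failure surfaces as a traceback; it should read `print('Error fetching groups %s %s' % (e.content, e.error_details))`. `SCOPES` requests the read/write `admin.directory.group` scope for a delegated admin credential although the script only calls `groups().get`; `https://www.googleapis.com/auth/admin.directory.group.readonly` is sufficient and keeps the impersonation to least privilege. None of the three arguments is declared `required=True`, so a missing flag reaches `from_service_account_file(None)` as an opaque error instead of an argparse usage message, and the description should say "G Suite group exists". `exit()` is the site-module helper; with `import sys` added, `sys.exit(1)` / `sys.exit(2)` is the portable form for a script that is run as a command.
```python
SCOPES = ['https://www.googleapis.com/auth/admin.directory.group.readonly']

# … unchanged: authenticate() …


def group_exists(service, group_email):
    try:
        return service.groups().get(groupKey=group_email).execute()
    except HttpError as e:
        if e.resp.status == 404:
            print('Group %s does not exist' % group_email)
            sys.exit(1)
        print('Error fetching groups %s %s' % (e.content, e.error_details))
        sys.exit(2)


if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description='Test if the specified G Suite group exists')
    parser.add_argument('--sa-json-credentials', dest='sa_json_credentials',
                        required=True)
    parser.add_argument('--group-email', dest='group_email', required=True)
    parser.add_argument('--impersonate-user', dest='impersonate_user',
                        required=True)
    args = parser.parse_args()
    # … unchanged: build() and the group_exists() call …
```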