diff --git a/mmv1/products/networksecurity/ProjectAddressGroup.yaml b/mmv1/products/networksecurity/ProjectAddressGroup.yaml
new file mode 100644
index 000000000000..257e77f6e286
--- /dev/null
+++ b/mmv1/products/networksecurity/ProjectAddressGroup.yaml
@@ -0,0 +1,65 @@
+# Copyright 2023 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: "ProjectAddressGroup"
+legacy_name: 'google_network_security_address_group'
+base_url: "projects/{{project}}/locations/{{location}}/addressGroups"
+self_link: "projects/{{project}}/locations/{{location}}/addressGroups/{{name}}"
+# This resource is only used to generate IAM resources. They do not correspond to real
+# GCP resources, and should not be used to generate anything other than IAM support.
+# IAM resources for AddressGroup are moved to a separate configuration because the AddressGroup
+# resourcesupports both organization and project levels,
+# but IAM support exists only on the project level Address Groups
+description: |
+  Only used to generate IAM resources for project level address groups
+exclude_tgc: true
+exclude_resource: true
+iam_policy: !ruby/object:Api::Resource::IamPolicy
+  method_name_separator: ":"
+  allowed_iam_role: 'roles/compute.networkAdmin'
+  parent_resource_type: "google_network_security_address_group"
+  parent_resource_attribute: "name"
+  skip_import_test: true
+  base_url: "projects/{{project}}/locations/{{location}}/addressGroups/{{name}}"
+  iam_conditions_request_type: null
+  example_config_body: "templates/terraform/iam/example_config_body/networksecurity_project_address_group.tf.erb"
+  import_format:
+    [
+      "projects/{{project}}/locations/{{location}}/addressGroups/{{name}}",
+      "{{project}}/{{location}}/{{name}}",
+      "{{location}}/{{name}}",
+      "{{name}}",
+    ]
+id_format: "projects/{{project}}/locations/{{location}}/addressGroups/{{name}}"
+examples:
+  - !ruby/object:Provider::Terraform::Examples
+    name: "network_security_address_groups_basic"
+    primary_resource_id: "default"
+    vars:
+      resource_name: "my-project-address-group"
+    test_env_vars:
+      project: :PROJECT_NAME
+properties:
+  - !ruby/object:Api::Type::String
+    name: "name"
+    required: true
+    url_param_only: true
+    description: |
+      Name of the AddressGroup resource.
+  - !ruby/object:Api::Type::String
+    name: "location"
+    required: true
+    description: |
+      The location of the gateway security policy.
+    url_param_only: true
diff --git a/mmv1/templates/terraform/iam/example_config_body/networksecurity_project_address_group.tf.erb b/mmv1/templates/terraform/iam/example_config_body/networksecurity_project_address_group.tf.erb
new file mode 100644
index 000000000000..904285d85297
--- /dev/null
+++ b/mmv1/templates/terraform/iam/example_config_body/networksecurity_project_address_group.tf.erb
@@ -0,0 +1,3 @@
+project = "%{project}"
+location = google_network_security_address_group.default.location
+name = google_network_security_address_group.default.name
\ No newline at end of file