diff --git a/examples/root-example/README.md b/examples/root-example/README.md index 38e2eaa3ff2cabf68b633a0ab2bb8f4e2850b41b..9c981f7384c5424d7fd2b576f30ce2ad1dfd067c 100644 --- a/examples/root-example/README.md +++ b/examples/root-example/README.md @@ -1,6 +1,6 @@ # Simple example -This is a simple example of storing depploying a cloud run enviroment into a +This is a simple example of deploying a Cloud Run hosted container into a GCP project. Specify the project to deploy into and the sql instance to connect to on the command line. The sql instance connection is optional, use an empty string if you do not want to connect Cloud Run to a SQL instance. diff --git a/main.tf b/main.tf index 514f1b75c1ffea1bb7f9bd881b60ba4787a79a39..8435956c99b909e04662b7fcba11c42dec3c2095 100644 --- a/main.tf +++ b/main.tf @@ -99,7 +99,7 @@ resource "google_cloud_run_service" "webapp" { # Allow unauthenticated invocations for the webapp. resource "google_cloud_run_service_iam_member" "webapp_all_users_invoker" { - count = var.webapp_open + count = var.allow_unauthenticated_invocations ? 1 : 0 location = google_cloud_run_service.webapp.location project = google_cloud_run_service.webapp.project service = google_cloud_run_service.webapp.name diff --git a/variables.tf b/variables.tf index 43ff18fb347c8b2e51a1c1202f03b424b4f63b25..e21e9ce87ee5be2d2fb700eb7b0bd706a28d5ee3 100644 --- a/variables.tf +++ b/variables.tf 
@@ -39,16 +39,20 @@ variable "container_concurrency" {
 }
 variable "cpu_limit" {
- description = "CPU limit for the deployed container. Defaults to 1 CPU."
+ description = "CPU limit for the deployed container. Defaults to 1 CPU, '1000m'."
 default = "1000m"
 }
 variable "memory_limit" {
- description = "Memory limit for the deployed container. Defaults to 512 MB."
+ description = "Memory limit for the deployed container. Defaults to 512 MB, '512M'."
 default = "512M"
 }
-variable "webapp_open" {
- description = "By default Cloud Run does not allow non-authenticated traffic to the web app. This settings changes that default to be open to all traffic (value of 1). Change it to 0 if you don't want to change default behaviour."
- default = 1
+variable "allow_unauthenticated_invocations" {
+ description = <<EOI
+If true, the webapp will allow unauthenticated invocations. If false, the webapp requires authentication
+as a Google user with the Cloud Run invoker permission on the deployment.
+EOI
+ type = bool
+ default = true
 }
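Review bot: `allow_unauthenticated_invocations` keeps `default = true`, so a caller who sets nothing still gets the `webapp_all_users_invoker` binding that main.tf creates when the variable is true. The binding's member and role lines are outside this diff, but the resource name and its comment indicate it opens the service to unauthenticated callers. Public exposure is safer as an explicit opt-in, so I would use `default = false` and have the description say plainly that `true` makes the service reachable without authentication. That changes behaviour for existing deployments, so it needs a release note. The rename needs one too, since callers that still pass `webapp_open` will presumably be rejected for using an undeclared variable.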