diff --git a/docs/resources/resource.md b/docs/resources/resource.md index fc91b3d3..c9b83a56 100644 --- a/docs/resources/resource.md +++ b/docs/resources/resource.md @@ -104,7 +104,7 @@ resource "twingate_resource" "resource" { } // Service acoount access is specified similarly - // A `for_each` block may be used like above to assign access to multiple + // A `for_each` block may be used like above to assign access to multiple // service accounts in a single configuration block. access_service { content { diff --git a/examples/resources/twingate_resource/resource.tf b/examples/resources/twingate_resource/resource.tf index eaa03e93..8ec83cf7 100644 --- a/examples/resources/twingate_resource/resource.tf +++ b/examples/resources/twingate_resource/resource.tf @@ -1,22 +1,38 @@ provider "twingate" { -# api_token = "1234567890abcdef" -# network = "mynetwork" + api_token = "1234567890abcdef" + network = "mynetwork" } resource "twingate_remote_network" "aws_network" { - name = "aws_remote_network-2" + name = "aws_remote_network" } resource "twingate_group" "aws" { name = "aws_group" } +data "twingate_group" "security" { + id = "securityGroupID" +} + +data "twingate_groups" "devops" { + name_contains = "DevOps" +} + +data "twingate_groups" "sre" { + name_contains = "SRE" +} + +resource "twingate_service_account" "github_actions_prod" { + name = "Github Actions PROD" +} + data "twingate_security_policy" "test_policy" { name = "Test Policy" } -data twingate_dlp_policy test { - name = "Test" +data twingate_dlp_policy access_example { + name = "DLP Policy Access Example" } resource "twingate_resource" "resource" { 
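Review bot: Uncommenting `api_token = "1234567890abcdef"` in the `provider "twingate"` block makes the example show a credential written literally into configuration, and readers who copy it with a real token will commit that token to version control. The value is clearly a placeholder, but the example would be safer as `api_token = var.twingate_api_token`, with that variable declared `sensitive = true`. Alternatively, keep both lines commented out and add a comment such as `# Prefer the TWINGATE_API_TOKEN and TWINGATE_NETWORK environment variables`. The rename of the remote network and the new data sources in the same hunk look fine.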
@@ -25,7 +41,61 @@ resource "twingate_resource" "resource" { remote_network_id = twingate_remote_network.aws_network.id security_policy_id = data.twingate_security_policy.test_policy.id - dlp_policy_id = data.twingate_dlp_policy.test.id + dlp_policy_id = data.twingate_dlp_policy.access_example.id + + protocols = { + allow_icmp = true + tcp = { + policy = "RESTRICTED" + ports = ["80", "82-83"] + } + udp = { + policy = "ALLOW_ALL" + } + } + + // Adding a single group via `access_group` + access_group { + group_id = twingate_group.aws.id + security_policy_id = data.twingate_security_policy.test_policy.id + usage_based_autolock_duration_days = 30 + dlp_policy_id = data.twingate_dlp_policy.access_example.id + } + + // Adding multiple groups by individual ID + dynamic "access_group" { + for_each = toset([twingate_group.aws.id, data.twingate_group.security.id]) + content { + group_id = access_group.value + security_policy_id = data.twingate_security_policy.test_policy.id + usage_based_autolock_duration_days = 30 + } + } + + // Adding multiple groups from twingate_groups data sources + dynamic "access_group" { + for_each = setunion( + data.twingate_groups.devops.groups[*].id, + data.twingate_groups.sre.groups[*].id, + // Single IDs can be added by wrapping them in a set + toset([data.twingate_group.security.id]) + ) + content { + group_id = access_group.value + security_policy_id = data.twingate_security_policy.test_policy.id + usage_based_autolock_duration_days = 30 + + } + } + + // Service acoount access is specified similarly + // A `for_each` block may be used like above to assign access to multiple + // service accounts in a single configuration block. + access_service { + content { + service_account_id = twingate_service_account.github_actions_prod.id + } + } is_active = true -} \ No newline at end of file +}
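Review bot: The added `access_service` block wraps `service_account_id` in `content { … }`, but `content` only has meaning inside a `dynamic` block, so unless the provider schema defines a nested `content` block (not visible here) this example will most likely fail validation as an unsupported block type. Either write it directly as `access_service { service_account_id = twingate_service_account.github_actions_prod.id }` or convert it to `dynamic "access_service"` with a `for_each`, as the comment above it describes; the same snippet appears as context in the docs/resources/resource.md hunk. The comment also misspells "account" as "acoount". Separately, `twingate_group.aws.id` and `data.twingate_group.security.id` are each granted in more than one `access_group` block, and `udp` is left at `ALLOW_ALL` beside a restricted `tcp`. Because examples get copied, a short comment such as `// Illustrative only: restrict ports to what the resource needs` would help.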