diff --git a/privateca_certificate_authority_subordinate/main.tf b/privateca_certificate_authority_subordinate/main.tf
index 17d2f551..581e0e11 100644
--- a/privateca_certificate_authority_subordinate/main.tf
+++ b/privateca_certificate_authority_subordinate/main.tf
@@ -2,8 +2,6 @@ resource "google_privateca_certificate_authority" "root-ca" {
 pool = "ca-pool-${local.name_suffix}"
 certificate_authority_id = "my-certificate-authority-${local.name_suffix}-root"
 location = "us-central1"
- deletion_protection = false
- ignore_active_certificates_on_deletion = true
 config {
 subject_config {
 subject {
@@ -34,6 +32,11 @@ resource "google_privateca_certificate_authority" "root-ca" {
 key_spec {
 algorithm = "RSA_PKCS1_4096_SHA256"
 }
+
+ // Disable CA deletion related safe checks for easier cleanup.
+ deletion_protection = false
+ skip_grace_period = true
+ ignore_active_certificates_on_deletion = true
 }
 resource "google_privateca_certificate_authority" "default" {
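Review bot: The comment above the new deletion settings at the end of the `root-ca` resource does not say they are meant for throwaway test resources only, and this file looks like a sample that readers may copy. With `deletion_protection = false`, `skip_grace_period = true` and `ignore_active_certificates_on_deletion = true` set together, a destroy removes the root CA immediately, with no undelete window, even while unexpired and unrevoked certificates still chain to it. I would reword the comment to `// Test/example only: disables CA deletion safety checks for easier cleanup. Do not copy into production; a destroy then removes the CA immediately and irrecoverably.` The resource block starts above this hunk, so the rest of its configuration is not visible here.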