diff --git a/modules/acm/README.md b/modules/acm/README.md
index ad34beda3..4548b4325 100644
--- a/modules/acm/README.md
+++ b/modules/acm/README.md
@@ -45,18 +45,18 @@ By default, this module will attempt to download the ACM operator from Google di
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | cluster\_endpoint | Kubernetes cluster endpoint. | string | n/a | yes |
-| cluster\_name | The unique name to identify the cluster in ACM. | string | n/a | yes |
+| cluster\_name | GCP cluster Name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource. | string | n/a | yes |
 | create\_ssh\_key | Controls whether a key will be generated for Git authentication | bool | `"true"` | no |
 | enable\_policy\_controller | Whether to enable the ACM Policy Controller on the cluster | bool | `"true"` | no |
 | install\_template\_library | Whether to install the default Policy Controller template library | bool | `"true"` | no |
-| location | The location (zone or region) this cluster has been created in. | string | n/a | yes |
+| location | GCP location used to reach cluster. | string | n/a | yes |
 | operator\_path | Path to the operator yaml config. If unset, will download from GCS releases. | string | `"null"` | no |
-| policy\_dir | Subfolder containing configs in ACM Git repo | string | n/a | yes |
-| project\_id | The project in which the resource belongs. | string | n/a | yes |
+| policy\_dir | Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default. | string | `""` | no |
+| project\_id | GCP project_id used to reach cluster. | string | n/a | yes |
 | secret\_type | git authentication secret type, is passed through to ConfigManagement spec.git.secretType. Overriden to value 'ssh' if `create_ssh_key` is true | string | `"ssh"` | no |
 | skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud and kubectl already available outside the module) | bool | `"false"` | no |
 | ssh\_auth\_key | Key for Git authentication. Overrides 'create_ssh_key' variable.
Can be set using 'file(path/to/file)'-function. | string | `"null"` | no |
-| sync\_branch | ACM repo Git branch | string | `"master"` | no |
+| sync\_branch | ACM repo Git branch. If un-set, uses Config Management default. | string | `""` | no |
 | sync\_repo | ACM Git repo address | string | n/a | yes |
 
 ## Outputs
diff --git a/modules/acm/templates/acm-config.yml.tpl b/modules/acm/templates/acm-config.yml.tpl
index 80155737e..5bfeb33d2 100644
--- a/modules/acm/templates/acm-config.yml.tpl
+++ b/modules/acm/templates/acm-config.yml.tpl
@@ -5,11 +5,11 @@ metadata:
 spec:
 # clusterName is required and must be unique among all managed clusters
 clusterName: ${cluster_name}
- git:
- syncRepo: ${sync_repo}
- syncBranch: ${sync_branch}
- secretType: ${secret_type}
- policyDir: ${policy_dir}
 policyController:
 enabled: ${enable_policy_controller}
 templateLibraryInstalled: ${install_template_library}
+ git:
+ syncRepo: ${sync_repo}
+ secretType: ${secret_type}
+ ${policy_dir_node}
+ ${sync_branch_node}
diff --git a/modules/acm/variables.tf b/modules/acm/variables.tf
index c03937eb0..e253dc018 100644
--- a/modules/acm/variables.tf
+++ b/modules/acm/variables.tf
@@ -15,17 +15,17 @@
 */
 
 variable "cluster_name" {
- description = "The unique name to identify the cluster in ACM."
+ description = "GCP cluster Name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource."
 type = string
 }
 
 variable "project_id" {
- description = "The project in which the resource belongs."
+ description = "GCP project_id used to reach cluster."
 type = string
 }
 
 variable "location" {
- description = "The location (zone or region) this cluster has been created in."
+ description = "GCP location used to reach cluster."
 type = string
 }
 
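Review bot: The `${policy_dir_node}` and `${sync_branch_node}` placeholders under `git:` no longer show which keys the rendered manifest carries: each one expands to a complete `policyDir: …` / `syncBranch: …` line or to an empty line, and nothing in the template says so. A comment above them would document that, for example `# *_node values are rendered by k8s-operator-crd-support: a full "key: value" line, or blank when the variable is ""`. Because the fragment is pasted at this indentation, a value that contains a line break would end up outside the `git:` mapping, so the single-line constraint is worth stating in the same comment. The config-sync template has the same gap and lists the two placeholders in the opposite order; using one order in both files would make them easier to compare.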
@@ -41,14 +41,15 @@ variable "sync_repo" {
 }
 
 variable "sync_branch" {
- description = "ACM repo Git branch"
+ description = "ACM repo Git branch. If un-set, uses Config Management default."
 type = string
- default = "master"
+ default = ""
 }
 
 variable "policy_dir" {
- description = "Subfolder containing configs in ACM Git repo"
+ description = "Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default."
 type = string
+ default = ""
 }
 
 variable "cluster_endpoint" {
diff --git a/modules/config-sync/README.md b/modules/config-sync/README.md
index 706d41b12..1109380bd 100644
--- a/modules/config-sync/README.md
+++ b/modules/config-sync/README.md
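Review bot: Replacing `default = "master"` with `default = ""` on `sync_branch` changes which Git ref existing callers sync from without any signal: a configuration that never set the variable used to pin `master` and will now follow whatever Config Management picks when `syncBranch` is absent. That ref decides which configs and policies are applied to the cluster, so the description should say it outright, e.g. `"ACM repo Git branch. If un-set, uses Config Management default (this module previously defaulted to \"master\")."`, and the change belongs in the upgrade notes. `policy_dir` moving from required to `default = ""` has a similar effect on scope, since an omitted value is no longer a plan-time error. The matching hunks in modules/config-sync/variables.tf and modules/k8s-operator-crd-support/variables.tf carry the same point.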
@@ -48,16 +48,16 @@ To deploy this config:
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | cluster\_endpoint | Kubernetes cluster endpoint. | string | n/a | yes |
-| cluster\_name | The unique name to identify the cluster in ACM. | string | n/a | yes |
+| cluster\_name | GCP cluster name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource. | string | n/a | yes |
 | create\_ssh\_key | Controls whether a key will be generated for Git authentication | bool | `"true"` | no |
-| location | The location (zone or region) this cluster has been created in. | string | n/a | yes |
+| location | GCP location used to reach cluster. | string | n/a | yes |
 | operator\_path | Path to the operator yaml config. If unset, will download from GCS releases. | string | `"null"` | no |
-| policy\_dir | Subfolder containing configs in ACM Git repo | string | n/a | yes |
-| project\_id | The project in which the resource belongs. | string | n/a | yes |
+| policy\_dir | Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default. | string | `""` | no |
+| project\_id | GCP project_id used to reach cluster. | string | n/a | yes |
 | secret\_type | credential secret type, passed through to ConfigManagement spec.git.secretType. Overriden to value 'ssh' if `create_ssh_key` is true | string | n/a | yes |
 | skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud and kubectl already available outside the module) | bool | `"false"` | no |
 | ssh\_auth\_key | Key for Git authentication. Overrides 'create_ssh_key' variable. Can be set using 'file(path/to/file)'-function. | string | `"null"` | no |
-| sync\_branch | ACM repo Git branch | string | `"master"` | no |
+| sync\_branch | ACM repo Git branch. If un-set, uses Config Management default. | string | `""` | no |
 | sync\_repo | ACM Git repo address | string | n/a | yes |
 
 ## Outputs
diff --git a/modules/config-sync/templates/config-sync-config.yml.tpl b/modules/config-sync/templates/config-sync-config.yml.tpl
index a9f7fa45c..9820d0618 100644
--- a/modules/config-sync/templates/config-sync-config.yml.tpl
+++ b/modules/config-sync/templates/config-sync-config.yml.tpl
@@ -7,6 +7,6 @@ spec:
 clusterName: ${cluster_name}
 git:
 syncRepo: ${sync_repo}
- syncBranch: ${sync_branch}
 secretType: ${secret_type}
- policyDir: ${policy_dir}
+ ${sync_branch_node}
+ ${policy_dir_node}
diff --git a/modules/config-sync/variables.tf b/modules/config-sync/variables.tf
index 419da0c75..9582d7c37 100644
--- a/modules/config-sync/variables.tf
+++ b/modules/config-sync/variables.tf
@@ -15,17 +15,17 @@
 */
 
 variable "cluster_name" {
- description = "The unique name to identify the cluster in ACM."
+ description = "GCP cluster name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource."
 type = string
 }
 
 variable "project_id" {
- description = "The project in which the resource belongs."
+ description = "GCP project_id used to reach cluster."
 type = string
 }
 
 variable "location" {
- description = "The location (zone or region) this cluster has been created in."
+ description = "GCP location used to reach cluster."
 type = string
 }
 
@@ -41,14 +41,15 @@ variable "sync_repo" {
 }
 
 variable "sync_branch" {
- description = "ACM repo Git branch"
+ description = "ACM repo Git branch. If un-set, uses Config Management default."
 type = string
- default = "master"
+ default = ""
 }
 
 variable "policy_dir" {
- description = "Subfolder containing configs in ACM Git repo"
+ description = "Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default."
 type = string
+ default = ""
 }
 
 variable "cluster_endpoint" {
diff --git a/modules/k8s-operator-crd-support/main.tf b/modules/k8s-operator-crd-support/main.tf
index e9811f331..e492872d9 100644
--- a/modules/k8s-operator-crd-support/main.tf
+++ b/modules/k8s-operator-crd-support/main.tf
@@ -22,6 +22,8 @@ locals {
 k8sop_creds_secret_key = var.secret_type == "cookiefile" ? "cookie_file" : var.secret_type
 should_download_manifest = var.operator_path == null ? true : false
 manifest_path = local.should_download_manifest ? "${path.root}/.terraform/tmp/config-management-operator.yaml" : var.operator_path
+ sync_branch_node = var.sync_branch != "" ? format("syncBranch: %s", var.sync_branch) : ""
+ policy_dir_node = var.policy_dir != "" ? format("policyDir: %s", var.policy_dir) : ""
 }
 
 
@@ -87,8 +89,8 @@ data "template_file" "k8sop_config" {
 vars = {
 cluster_name = var.cluster_name
 sync_repo = var.sync_repo
- sync_branch = var.sync_branch
- policy_dir = var.policy_dir
+ sync_branch_node = local.sync_branch_node
+ policy_dir_node = local.policy_dir_node
 secret_type = var.create_ssh_key ? "ssh" : var.secret_type
 enable_policy_controller = var.enable_policy_controller ? "true" : "false"
 install_template_library = var.install_template_library ? "true" : "false"
diff --git a/modules/k8s-operator-crd-support/variables.tf b/modules/k8s-operator-crd-support/variables.tf
index dee749866..5bae4aaec 100644
--- a/modules/k8s-operator-crd-support/variables.tf
+++ b/modules/k8s-operator-crd-support/variables.tf
@@ -15,17 +15,17 @@
 */
 
 variable "cluster_name" {
- description = "The unique name to identify the cluster in ACM."
+ description = "GCP cluster name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource."
 type = string
 }
 
 variable "project_id" {
- description = "The project in which the resource belongs."
+ description = "GCP project_id used to reach cluster."
 type = string
 }
 
 variable "location" {
- description = "The location (zone or region) this cluster has been created in."
+ description = "GCP location used to reach cluster."
 type = string
 }
 
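Review bot: `sync_branch_node` and `policy_dir_node` splice the raw variable into a YAML line with `format("syncBranch: %s", var.sync_branch)`, so a value containing `#`, `: `, a leading `*` or `&`, or a line break is parsed as something other than a plain string and can change the structure of the ConfigManagement manifest applied to the cluster. Emitting the value as a quoted scalar closes that off: `sync_branch_node = var.sync_branch != "" ? format("syncBranch: %s", jsonencode(var.sync_branch)) : ""`, and likewise `format("policyDir: %s", jsonencode(var.policy_dir))`. A one-line comment above the two locals stating that an empty string means "omit the key so Config Management applies its own default" would document the sentinel. The `locals` block opens outside this hunk.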
@@ -51,14 +51,15 @@ variable "secret_type" {
 }
 
 variable "sync_branch" {
- description = "ACM repo Git branch"
+ description = "ACM repo Git branch. If un-set, uses Config Management default."
 type = string
- default = "master"
+ default = ""
 }
 
 variable "policy_dir" {
- description = "Subfolder containing configs in ACM Git repo"
+ description = "Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default."
 type = string
+ default = ""
 }
 
 variable "cluster_endpoint" {