diff --git a/modules/gke-hub/README.md b/modules/gke-hub/README.md
index c618dc292..7be0510d0 100644
--- a/modules/gke-hub/README.md
+++ b/modules/gke-hub/README.md
@@ -299,7 +299,7 @@ module "hub" {
| [project_id](variables.tf#L80) | GKE hub project ID. | string | ✓ | |
| [clusters](variables.tf#L17) | Clusters members of this GKE Hub in name => id format. | map(string) | | {} |
| [configmanagement_clusters](variables.tf#L24) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) | | {} |
-| [configmanagement_templates](variables.tf#L31) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} |
+| [configmanagement_templates](variables.tf#L31) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} |
| [features](variables.tf#L66) | Enable and configure fleet features. | object({…}) | | {} |
| [workload_identity_clusters](variables.tf#L85) | Clusters that will use Fleet Workload Identity. | list(string) | | [] |
diff --git a/modules/gke-hub/variables.tf b/modules/gke-hub/variables.tf
index a981f7de0..8f31d32b6 100644
--- a/modules/gke-hub/variables.tf
+++ b/modules/gke-hub/variables.tf
@@ -51,13 +51,13 @@ variable "configmanagement_templates" {
enable_hierarchical_resource_quota = optional(bool)
enable_pod_tree_labels = optional(bool)
}))
- policy_controller = object({
+ policy_controller = optional(object({
audit_interval_seconds = optional(number)
exemptable_namespaces = optional(list(string))
log_denies_enabled = optional(bool)
referential_rules_enabled = optional(bool)
template_library_installed = optional(bool)
- })
+ }))
}))
default = {}
nullable = false