diff --git a/foundations/environments/main.tf b/foundations/environments/main.tf
index 3aba9f7ef..913817ab2 100644
--- a/foundations/environments/main.tf
+++ b/foundations/environments/main.tf
@@ -130,7 +130,7 @@ module "bq-audit-export" {
 module "log-sink-audit" {
   source                 = "terraform-google-modules/log-export/google"
   version                = "3.2.0"
-  filter                 = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
+  filter                 = var.audit_filter
   log_sink_name          = "logs-audit-${var.environments[0]}"
   parent_resource_type   = "folder"
   parent_resource_id     = split("/", module.folders-top-level.ids_list[0])[1]
diff --git a/foundations/environments/variables.tf b/foundations/environments/variables.tf
index 113fcddb4..720b6333a 100644
--- a/foundations/environments/variables.tf
+++ b/foundations/environments/variables.tf
@@ -12,6 +12,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+variable "audit_filter" {
+  description = "Audit log filter used for the log sink."
+  type        = string
+  default     = <<END
+  logName: "/logs/cloudaudit.googleapis.com%2Factivity"
+  OR
+  logName: "/logs/cloudaudit.googleapis.com%2Fsystem_event"
+  END
+}
+
 variable "audit_viewers" {
   description = "Audit project viewers, in IAM format."
   type        = list(string)
@@ -43,13 +53,13 @@ variable "gcs_location" {
 variable "grant_xpn_org_roles" {
   description = "Grant roles needed for Shared VPC creation to service accounts at the organization level."
   type        = bool
-  default     = false
+  default     = true
 }
 
 variable "grant_xpn_folder_roles" {
   description = "Grant roles needed for Shared VPC creation to service accounts at the environment folder level."
   type        = bool
-  default     = true
+  default     = false
 }
 
 variable "organization_id" {