diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c70109..97c0701 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -160,12 +160,19 @@ - add r-inf-terraform assumable role for TF operations * 1.15.4 -- 2022-05-26 - - remove billing-policies, move into iam-general-policies + - remove billing-policies, move into iam-general-policies * 1.15.5 -- 2022-05-27 - iam-saml - add tags +* 1.16.0 -- 2022-07-15 + - change splunk template for + - cloudtrail + - config + - configrules + - description + ## Version 2.x * 2.0.0 -- 2022-05-09 @@ -198,3 +205,10 @@ - s3-access-logs - s3-flow-logs - config + +* 2.2.0 -- 2022-07-15 + - change splunk template for + - cloudtrail + - config + - configrules + - description diff --git a/cloudtrail/README.md b/cloudtrail/README.md index 1bf5b1b..a39fa47 100644 --- a/cloudtrail/README.md +++ b/cloudtrail/README.md @@ -128,8 +128,8 @@ module "org_cloudtrail" { | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.66.0 | +| [local](#provider\_local) | n/a | | [null](#provider\_null) | n/a | -| [random](#provider\_random) | n/a | | [template](#provider\_template) | n/a | ## Modules 
@@ -163,9 +163,9 @@ No modules.
 | [aws_sqs_queue_policy.additional_cloudtrail_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [aws_sqs_queue_policy.cloudtrail_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [aws_sqs_queue_policy.cloudtrail_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
+| [local_file.splunk_cloudtrail](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [null_resource.policy_delay](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.splunk_cloudtrail](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_uuid.splunk_cloudtrail](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.additional_cloudtrail_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
diff --git a/cloudtrail/generate_splunk.cloudtrail.tf b/cloudtrail/generate_splunk.cloudtrail.tf
index 06063a3..59b2311 100644
--- a/cloudtrail/generate_splunk.cloudtrail.tf
+++ b/cloudtrail/generate_splunk.cloudtrail.tf
@@ -4,28 +4,42 @@ data "template_file" "splunk_cloudtrail" { template = file("${path.module}/templates/inputs.cloudtrail.conf.tpl") vars = { - account_id = local.account_id - account_alias = local.account_alias - entry_uuid = random_uuid.splunk_cloudtrail.result + account_id = local.account_id + account_alias = local.account_alias + # entry_uuid = random_uuid.splunk_cloudtrail.result region = local.region cloudtrail_name = local.splunk_name queue_url = var.enable_sqs ? aws_sqs_queue.cloudtrail[0].id : null } } -resource "random_uuid" "splunk_cloudtrail" { - keepers = { - queue_url = var.enable_sqs ? aws_sqs_queue.cloudtrail[0].id : null - } -} +# resource "random_uuid" "splunk_cloudtrail" { +# keepers = { +# queue_url = var.enable_sqs ? aws_sqs_queue.cloudtrail[0].id : null +# } +# } resource "null_resource" "splunk_cloudtrail" { - count = var.enable_sqs ? 1 : 0 - provisioner "local-exec" { - command = "test -d setup || mkdir setup" + triggers = { + filename = format("inputs.%v.%v-%v.%v.conf", local.splunk_name, local.account_id, local.account_alias, local.region) + directory = format("%v/setup", path.root) } + count = var.enable_sqs ? 1 : 0 + provisioner "local-exec" { - working_dir = "setup" - command = "echo '${data.template_file.splunk_cloudtrail.rendered}' > inputs.${local.splunk_name}.${local.account_id}.${local.region}.conf" + command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}" } + + # provisioner "local-exec" { + # working_dir = "setup" + # command = "echo '${data.template_file.splunk_cloudtrail.rendered}' > inputs.${local.splunk_name}.${local.account_id}.${local.region}.conf" + # } +} + +resource "local_file" "splunk_cloudtrail" { + count = var.enable_sqs ? 1 : 0 + + content = data.template_file.splunk_cloudtrail.rendered + file_permission = "0644" + filename = format("%v/%v", null_resource.splunk_cloudtrail.triggers.directory, null_resource.splunk_cloudtrail.triggers.filename) } 
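Review bot: `local_file.splunk_cloudtrail` reads `null_resource.splunk_cloudtrail.triggers.directory` and `.triggers.filename` without an instance key, but that null_resource is declared with `count = var.enable_sqs ? 1 : 0`, and Terraform 0.12+ (which this file already relies on via `null`) rejects an unindexed reference to a counted resource; the config, configrules and description modules avoid this only because their null_resource has no count. Since both resources share the same condition, the cleanest fix is to move the two `format()` expressions into `locals` and let the triggers and the local_file both read from there, which also removes the ordering dependency between them. The `mkdir` command interpolates `${self.triggers.directory}` unquoted, so a root path containing spaces breaks it; `command = "test -d '${self.triggers.directory}' || mkdir -p '${self.triggers.directory}'"` is safer, and the same line appears in the config, configrules and description hunks. If the local provider version pinned for this module creates missing parent directories (recent releases do), the null_resource/mkdir step is redundant and `directory_permission` on the local_file is the place to control the directory mode instead. The commented-out random_uuid and provisioner blocks are history that git already keeps; deleting them rather than carrying them as comments keeps the file readable.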
diff --git a/cloudtrail/templates/inputs.cloudtrail.conf.tpl b/cloudtrail/templates/inputs.cloudtrail.conf.tpl
index 51d0fde..4f9956a 100644
--- a/cloudtrail/templates/inputs.cloudtrail.conf.tpl
+++ b/cloudtrail/templates/inputs.cloudtrail.conf.tpl
@@ -1,5 +1,5 @@
-[aws_sqs_based_s3://${account_alias}-${cloudtrail_name}-${region}]
-account = ${account_alias}
+[aws_sqs_based_s3://${account_id}-${account_alias}-${cloudtrail_name}-${region}]
+account = ${account_id}-${account_alias}
 index = aws
 polling_interval = 300
 s3_file_decoder = CloudTrail
diff --git a/common/version.tf b/common/version.tf
index 2c6176e..d3e2658 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "2.1.1"
+ _module_version = "2.2.0"
 }
diff --git a/config/README.md b/config/README.md
index 9357479..409709a 100644
--- a/config/README.md
+++ b/config/README.md
@@ -33,8 +33,8 @@ No requirements.
 | Name | Version |
 |------|---------|
 | [aws](#provider\_aws) | n/a |
+| [local](#provider\_local) | n/a |
 | [null](#provider\_null) | n/a |
-| [random](#provider\_random) | n/a |
 | [template](#provider\_template) | n/a |
 
 ## Modules
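Review bot: The new `account = ${account_id}-${account_alias}` line (and the same change in the configrules, inputs.config and description templates) changes the name under which this input looks up its AWS account entry in the Splunk Add-on for AWS, so as far as I can tell the account entry on the Splunk side has to be renamed to `<account_id>-<account_alias>` before these files are deployed, otherwise the inputs cannot authenticate. Renaming the stanza to `[aws_sqs_based_s3://${account_id}-${account_alias}-...]` also means Splunk sees a new input rather than an updated one, so the old stanza stays active until it is removed. Both consequences deserve a line in the CHANGELOG entry under `change splunk template for`, and a comment at the top of each template such as `# 'account' must match the AWS account entry configured in the Splunk Add-on for AWS`.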
@@ -66,10 +66,10 @@ No modules.
 | [aws_sqs_queue.config_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
 | [aws_sqs_queue_policy.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [aws_sqs_queue_policy.config_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
+| [local_file.splunk_config](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.splunk_configrules](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [null_resource.splunk_config](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [null_resource.splunk_configrules](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_uuid.splunk_config](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
-| [random_uuid.splunk_configrules](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.aws_config_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
diff --git a/config/generate_splunk.config.tf b/config/generate_splunk.config.tf
index 52c97e1..ece27f2 100644
--- a/config/generate_splunk.config.tf
+++ b/config/generate_splunk.config.tf
@@ -6,24 +6,41 @@ data "template_file" "splunk_config" {
 vars = {
 account_id = local.account_id
 account_alias = local.account_alias
- entry_uuid = random_uuid.splunk_config.result
- region = local.config_region
- queue_url = aws_sqs_queue.config.id
- }
-}
-
-resource "random_uuid" "splunk_config" {
- keepers = {
+ # entry_uuid = random_uuid.splunk_config.result
+ region = local.config_region
 queue_url = aws_sqs_queue.config.id
 }
 }
 
+# resource "random_uuid" "splunk_config" {
+# keepers = {
+# queue_url = aws_sqs_queue.config.id
+# }
+# }
+#
+# resource "null_resource" "splunk_config" {
+# provisioner "local-exec" {
+# command = "test -d setup || mkdir setup"
+# }
+# provisioner "local-exec" {
+# working_dir = "setup"
+# command = "echo '${data.template_file.splunk_config.rendered}' > inputs.config.${local.account_id}.${local.config_region}.conf"
+# }
+# }
+
 resource "null_resource" "splunk_config" {
- provisioner "local-exec" {
- command = "test -d setup || mkdir setup"
+ triggers = {
+ filename = format("inputs.config.%v-%v.%v.conf", local.account_id, local.account_alias, local.region)
+ directory = format("%v/setup", path.root)
 }
+
 provisioner "local-exec" {
- working_dir = "setup"
- command = "echo '${data.template_file.splunk_config.rendered}' > inputs.config.${local.account_id}.${local.config_region}.conf"
+ command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}"
 }
 }
+
+resource "local_file" "splunk_config" {
+ content = data.template_file.splunk_config.rendered
+ file_permission = "0644"
+ filename = format("%v/%v", null_resource.splunk_config.triggers.directory, null_resource.splunk_config.triggers.filename)
+}
diff --git a/config/generate_splunk.config_rules.tf b/config/generate_splunk.config_rules.tf
index c3e6d9d..2f84117 100644
--- a/config/generate_splunk.config_rules.tf
+++ b/config/generate_splunk.config_rules.tf
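Review bot: The `filename` trigger builds the file name from `local.region`, while the template vars in the same hunk and the old (now commented-out) command both use `local.config_region`; unless `local.region` is defined in this module and meant to differ, the file name and the `region =` inside the file will disagree, or the plan fails on an undefined local. I would expect `filename = format("inputs.config.%v-%v.%v.conf", local.account_id, local.account_alias, local.config_region)`, and the configrules hunk has the same mismatch. Separately, `local_file` stores `content` in Terraform state, which here is the rendered inputs.conf including the SQS queue URL; that is not a secret today, but a one-line comment on the resource, e.g. `# rendered content is persisted in state: keep credentials out of this template`, would stop someone from later adding a key to the template.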
@@ -6,23 +6,40 @@ data "template_file" "splunk_configrules" {
 vars = {
 account_id = local.account_id
 account_alias = local.account_alias
- entry_uuid = random_uuid.splunk_configrules.result
- region = local.config_region
+ # entry_uuid = random_uuid.splunk_configrules.result
+ region = local.config_region
 }
 }
 
-resource "random_uuid" "splunk_configrules" {
- keepers = {
- config_rule = length(local.all_crules) > 0 ? 1 : 0
- }
-}
+# resource "random_uuid" "splunk_configrules" {
+# keepers = {
+# config_rule = length(local.all_crules) > 0 ? 1 : 0
+# }
+# }
+
+# resource "null_resource" "splunk_configrules" {
+# provisioner "local-exec" {
+# command = "test -d setup || mkdir setup"
+# }
+# provisioner "local-exec" {
+# working_dir = "setup"
+# command = "echo '${data.template_file.splunk_configrules.rendered}' > aws_config_rules_tasks.${local.account_id}.${local.config_region}.conf"
+# }
+# }
 
 resource "null_resource" "splunk_configrules" {
- provisioner "local-exec" {
- command = "test -d setup || mkdir setup"
+ triggers = {
+ filename = format("aws_config_rules_tasks.%v-%v.%v.conf", local.account_id, local.account_alias, local.region)
+ directory = format("%v/setup", path.root)
 }
+
 provisioner "local-exec" {
- working_dir = "setup"
- command = "echo '${data.template_file.splunk_configrules.rendered}' > aws_config_rules_tasks.${local.account_id}.${local.config_region}.conf"
+ command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}"
 }
 }
+
+resource "local_file" "splunk_configrules" {
+ content = data.template_file.splunk_configrules.rendered
+ file_permission = "0644"
+ filename = format("%v/%v", null_resource.splunk_configrules.triggers.directory, null_resource.splunk_configrules.triggers.filename)
+}
diff --git a/config/templates/aws_config_rules_tasks.conf.tpl b/config/templates/aws_config_rules_tasks.conf.tpl
index 3e36e6f..4d3369e 100644
--- a/config/templates/aws_config_rules_tasks.conf.tpl
+++ b/config/templates/aws_config_rules_tasks.conf.tpl
@@ -1,6 +1,5 @@
-##[${account_alias}-configrules-${region}_${entry_uuid}]
-[${account_alias}-configrules-${region}]
-account = ${account_alias}
+[${account_id}-${account_alias}-configrules-${region}]
+account = ${account_id}-${account_alias}
 index = aws
 polling_interval = 3600
 region = ${region}
diff --git a/config/templates/inputs.config.conf.tpl b/config/templates/inputs.config.conf.tpl
index cf0e4d1..b3e0b4e 100644
--- a/config/templates/inputs.config.conf.tpl
+++ b/config/templates/inputs.config.conf.tpl
@@ -1,5 +1,5 @@
-[aws_sqs_based_s3://${account_alias}-config-${region}]
-account = ${account_alias}
+[aws_sqs_based_s3://${account_id}-${account_alias}-config-${region}]
+account = ${account_id}-${account_alias}
 index = aws
 polling_interval = 300
 s3_file_decoder = Config
@@ -7,3 +7,4 @@ sourcetype = aws:config
 sqs_batch_size = 10
 sqs_queue_region = ${region}
 sqs_queue_url = ${queue_url}
+
diff --git a/splunk-description/README.md b/splunk-description/README.md
index 356df41..e4f46c3 100644
--- a/splunk-description/README.md
+++ b/splunk-description/README.md
@@ -26,8 +26,8 @@ No requirements.
 | Name | Version |
 |------|---------|
 | [aws](#provider\_aws) | n/a |
+| [local](#provider\_local) | n/a |
 | [null](#provider\_null) | n/a |
-| [random](#provider\_random) | n/a |
 | [template](#provider\_template) | n/a |
 
 ## Modules
@@ -38,8 +38,8 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [local_file.splunk_description](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [null_resource.splunk_description](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [random_uuid.splunk_description](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
diff --git a/splunk-description/generate_splunk.description.tf b/splunk-description/generate_splunk.description.tf
index 5193281..6152586 100644
--- a/splunk-description/generate_splunk.description.tf
+++ b/splunk-description/generate_splunk.description.tf
@@ -10,25 +10,43 @@ data "template_file" "splunk_description" {
 vars = {
 account_id = local.account_id
 account_alias = local.account_alias
- entry_uuid = random_uuid.splunk_description.result
- region = local.region
- api_list = join(",", local.api_values)
+ # entry_uuid = random_uuid.splunk_description.result
+ region = local.region
+ api_list = join(",", local.api_values)
 }
 }
 
-resource "random_uuid" "splunk_description" {
- keepers = {
- description = length(local.api_list) > 0 ? 1 : 0
- }
-}
 
+# resource "random_uuid" "splunk_description" {
+# keepers = {
+# description = length(local.api_list) > 0 ? 1 : 0
+# }
+# }
+#
+# resource "null_resource" "splunk_description" {
+# count = length(local.api_list) > 0 ? 1 : 0
+# provisioner "local-exec" {
+# command = "test -d setup || mkdir setup"
+# }
+# provisioner "local-exec" {
+# working_dir = "setup"
+# command = "echo '${data.template_file.splunk_description.rendered}' > ${local.template_prefix}.${local.account_id}.${local.region}.conf"
+# }
+# }
+
 resource "null_resource" "splunk_description" {
- count = length(local.api_list) > 0 ? 1 : 0
- provisioner "local-exec" {
- command = "test -d setup || mkdir setup"
+ triggers = {
+ filename = format("%v.%v-%v.%v.conf", local.template_prefix, local.account_id, local.account_alias, local.region)
+ directory = format("%v/setup", path.root)
 }
+
 provisioner "local-exec" {
- working_dir = "setup"
- command = "echo '${data.template_file.splunk_description.rendered}' > ${local.template_prefix}.${local.account_id}.${local.region}.conf"
+ command = "test -d ${self.triggers.directory} || mkdir ${self.triggers.directory}"
 }
 }
+
+resource "local_file" "splunk_description" {
+ content = data.template_file.splunk_description.rendered
+ file_permission = "0644"
+ filename = format("%v/%v", null_resource.splunk_description.triggers.directory, null_resource.splunk_description.triggers.filename)
+}
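Review bot: The rewritten `null_resource.splunk_description` drops the `count = length(local.api_list) > 0 ? 1 : 0` guard the old block had (still visible in the commented-out copy above it), and `local_file.splunk_description` carries no count either, so an inputs file with an empty `apis =` line is now written even when no description APIs are configured, whereas before nothing was generated. If that is unintended, put `count = length(local.api_list) > 0 ? 1 : 0` on both resources and index the reference as `null_resource.splunk_description[0].triggers.directory`, or move the two `format()` values into `locals` so the local_file does not depend on the null_resource at all. If it is intended, a one-line comment on the resource saying that an empty input stanza is acceptable would save the next reader from re-deriving it.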
diff --git a/splunk-description/templates/aws_description_tasks.conf.tpl b/splunk-description/templates/aws_description_tasks.conf.tpl
index 9819061..6dac941 100644
--- a/splunk-description/templates/aws_description_tasks.conf.tpl
+++ b/splunk-description/templates/aws_description_tasks.conf.tpl
@@ -1,6 +1,7 @@
-[${account_alias}-description-${region}]
-account = ${account_alias}
+[${account_id}-${account_alias}-description-${region}]
+account = ${account_id}-${account_alias}
 apis = ${api_list}
 index = aws
 regions = ${region}
 sourcetype = aws:description
+