AWS Network Firewall - Invalid ARN error when adding AWS Managed Rule Group To Policy

Greetings,

When I attempt to add an AWS Managed Stateful Rule Group to an AWS Network Firewall Policy, I receive the error below:

Example Resource:

resource "aws_networkfirewall_firewall_policy" "nfw-policy" {
  name = "nfw-policy"
  firewall_policy {
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]
    stateful_engine_options {
      rule_order = "DEFAULT_ACTION_ORDER"
    }
    stateful_rule_group_reference {
      resource_arn = "arn:aws:network-firewall:us-east-2:aws-managed:stateful-rulegroup/MalwareDomainsActionOrder"
    }
  }
}

Resultant Error:

│ Error: "firewall_policy.0.stateful_rule_group_reference.0.resource_arn" (arn:aws:network-firewall:us-east-2:aws-managed:stateful-rulegroup/MalwareDomainsActionOrder) is an invalid ARN: invalid account ID value (expecting to match regular expression: ^(aws|\d{12})$)
│ 
│   with aws_networkfirewall_firewall_policy.nfw-policy,
│   on nfw.tf line 53, in resource "aws_networkfirewall_firewall_policy" "nfw-policy":
│   53:     stateful_rule_group_reference {
│ 

This only happens with the AWS Managed Stateful Rule Groups. Terraform can provision the policy resource just fine when I reference my own custom stateful rule groups. It appears Terraform’s regex rule doesn’t like the ARN of the managed rule groups because “aws-managed” is in place of a normal Account ID. Is there a workaround or fix?

Thanks in advance for any help.