Error on rate_based_statement, to ignore internal ips and apply rate limit on all other Ips

Error on rate_based_statement, to ignore internal ips and apply rate limit on all other Ips.

I am trying to ignore rate limiting to internal IP’s but apply rate limiting to all other IP’s.

I have the following
`
resource “aws_waf_ipset” “internal_ipset” {
name = “Internal-IPSet”

ip_set_descriptors {
type = “IPV4”
value = “10.0.0.0/16”
}
}
rule {
name = “rule-name”
priority = 6

action {
  block {}
}

visibility_config {
  sampled_requests_enabled    = true
  cloudwatch_metrics_enabled  = true
  metric_name                = "waf_name"
}

statement {
  rate_based_statement {
    limit               = 500
    aggregate_key_type  = "IP"
    not_statement {
      statement {
        ip_set_reference_statement {
          arn = aws_wafv2_ip_set.internal_ipset.arn
        }
      }
    }
  }
}

}`