地形创建动态suricata规则

im使用以下代码编写aws网络防火墙suricata规则：

yaml:

rule_groups:
- name: "APPSTREAM"
allowed-domains:
- ".github.com"
- ".google.com"
source: "10.143.80.0/24"
- name: "TEST"
allowed-domains:
- ".microsoft.com"
- ".amazonaws.com"
source: "10.143.70.0/24"

地形代码：

locals {
list = yamldecode(file("${path.module}/settings.yaml"))["rule_groups"]
fw_group_rule = flatten([for rule in local.list : {
"name"            = rule.name
"allowed-domains" = rule.allowed-domains
"definition"      = rule.source
}
])
}
resource "aws_networkfirewall_rule_group" "limit-Domain-Access-v1" {
name     = "suricata-automation-test"
capacity = 1000
type     = "STATEFUL"
rule_group {
rule_variables {
ip_sets {
key = "SQUID_EP"
ip_set {
definition = ["10.143.60.158/32","10.143.60.17/32","10.143.60.164/32"]
}
}
dynamic "ip_sets" {
for_each = local.fw_group_rule
content {
key = ip_sets.value.name
ip_set {
definition = [ip_sets.value.definition]
}
}
}
}
rules_source {
rules_string = <<EOF
%{for index,i in local.fw_group_rule~}  
%{for url in i.allowed-domains}
pass http ֿֿֿֿֿ${"$"}${i.name} any -> $SQUID_EP any (http.host; dotprefix; content:"${url}"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:${index + 1}; rev:1;)
%{endfor}
%{endfor~}
EOF
}
}
tags = {
Name = "suricata-automation-test"
}
}
output "fw-group-rule" {
value = <<EOF
%{for index,i in local.fw_group_rule~}
%{for url in i.allowed-domains}
pass http ֿֿֿֿֿ${"$"}${i.name} any -> $SQUID_EP any (http.host; dotprefix; content:"${url}"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:1; rev:1;)
%{endfor}
%{endfor~}
EOF
}   

我的问题是当我试图在"；rules_source"；部分，它为每一个${i.name}和${url}创建一行字符串，我的问题是sid:${index + 1}部分对每一行都保持不变，我需要它对每一个行都是唯一的

示例结果：搜索sid

+         pass http ֿֿֿֿֿ$APPSTREAM any -> $SQUID_EP any (http.host; dotprefix; content:".github.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; **sid:1**; rev:1;)
+         
+         pass http ֿֿֿֿֿ$APPSTREAM any -> $SQUID_EP any (http.host; dotprefix; content:".google.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; **sid:1**; rev:1;)
+         
+                 
+         pass http ֿֿֿֿֿ$TEST any -> $SQUID_EP any (http.host; dotprefix; content:".microsoft.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; **sid:2**; rev:1;)
+         
+         pass http ֿֿֿֿֿ$TEST any -> $SQUID_EP any (http.host; dotprefix; content:".amazonaws.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; **sid:2**; rev:1;)

想要的结果：

+         pass http ֿֿֿֿֿ$APPSTREAM any -> $SQUID_EP any (http.host; dotprefix; content:".github.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:1; rev:1;)
+         
+         pass http ֿֿֿֿֿ$APPSTREAM any -> $SQUID_EP any (http.host; dotprefix; content:".google.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:2; rev:1;)
+         
+                 
+         pass http ֿֿֿֿֿ$TEST any -> $SQUID_EP any (http.host; dotprefix; content:".microsoft.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:3; rev:1;)
+         
+         pass http ֿֿֿֿֿ$TEST any -> $SQUID_EP any (http.host; dotprefix; content:".amazonaws.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:4; rev:1;)