我的Gradle项目包含3个模块:“ common”,“ api”和“ app”。 “ app”和“ api”都取决于“ common”:
resource "aws_iam_role" "cloudwatchToFirehose" {
name = "${var.env}-${var.name}FirehoseCWL-Role"
assume_role_policy = <<JSON
{
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Principal": { "Service": "logs.${var.region}.amazonaws.com"},
"Effect": "Allow"
}]
}
JSON
}
resource "aws_iam_policy" "cloudwatchToFirehose" {
name = "${var.env}-${var.name}FirehoseCWL-Policy"
policy = <<JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Effect":"Allow",
"Action": [
"firehose:DeleteDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch",
"firehose:UpdateDestination"
],
"Resource": ["${aws_kinesis_firehose_delivery_stream.firehoseToS3.arn}"]
}
]
}
JSON
}
resource "aws_iam_role_policy_attachment" "cloudwatchToFirehose" {
role = "${aws_iam_role.cloudwatchToFirehose.name}"
policy_arn = "${aws_iam_policy.cloudwatchToFirehose.arn}"
}
resource "aws_iam_role" "firehoseToS3" {
name = "${var.env}-${var.name}FirehoseS3-Role"
assume_role_policy = <<JSON
{
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Principal": { "Service": "firehose.amazonaws.com"},
"Effect": "Allow"
}]
}
JSON
lifecycle {
create_before_destroy = true
}
}
resource "aws_iam_policy" "firehoseToS3" {
name = "${var.env}-${var.name}FirehoseS3-Policy"
policy = <<JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::${var.logs_bucket}",
"arn:aws:s3:::${var.logs_bucket}/*"
]
},
{
"Effect": "Allow",
"Action": [
"kinesis:DescribeStream",
"kinesis:GetShardIterator",
"kinesis:GetRecords"
],
"Resource": "${aws_kinesis_firehose_delivery_stream.firehoseToS3.arn}"
},
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": [
"${var.kms_general_key}"
]
},
{
"Effect": "Allow",
"Action": [
"logs:PutLogEvents"
],
"Resource": [
"arn:aws:logs:*:*:log-group:${var.org}-${var.group}-${var.environment}/Firehose:*"
]
},
{
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction",
"lambda:GetFunctionConfiguration"
],
"Resource": [
"arn:aws:lambda:*:*:function:*:*"
]
}
]
}
JSON
lifecycle {
create_before_destroy = true
}
}
resource "aws_iam_role_policy_attachment" "firehoseToS3" {
role = "${aws_iam_role.firehoseToS3.name}"
policy_arn = "${aws_iam_policy.firehoseToS3.arn}"
lifecycle {
create_before_destroy = true
}
}
resource "aws_kinesis_firehose_delivery_stream" "firehoseToS3" {
name = "${var.env}-${var.name}Firehose-Stream"
destination = "s3"
s3_configuration {
role_arn = "${aws_iam_role.firehoseToS3.arn}"
bucket_arn = "arn:aws:s3:::${var.logs_bucket}"
buffer_interval = "300"
buffer_size = "10"
prefix = "${var.name}"
}
}
resource "aws_cloudwatch_log_subscription_filter" "cloudwatchToFirehose" {
count = "1"
name = "${var.env}-${var.name}Filter-Subscription"
role_arn = "${aws_iam_role.cloudwatchToFirehose.arn}"
log_group_name = "${element(var.log_groups, count.index)}"
filter_pattern = ""
destination_arn = "${aws_kinesis_firehose_delivery_stream.firehoseToS3.arn}"
}
如果我将“ api”发布到Maven存储库,则pom.xml包含对“ common”的引用。有可能避免这种情况吗?我不想发布“ common”,我希望将其类添加到“ api”