From 213c80b990bd1c4835fa22fca43a45e43eefe2bb Mon Sep 17 00:00:00 2001
From: Erin <Erin-Boehmer@users.noreply.github.com>
Date: Tue, 9 Aug 2022 17:54:42 -0400
Subject: [PATCH] Enable private IP by default (#37)

* Enable private IP by default

Co-authored-by: sahir-khan <sahir.khan@carta.com>

* Add var to README docs and add EOF line

Co-authored-by: sahir-khan <sahir.khan@carta.com>
---
 modules/metadata-service/README.md    | 1 +
 modules/metadata-service/ecs.tf       | 2 +-
 modules/metadata-service/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/metadata-service/README.md b/modules/metadata-service/README.md
index adfe8e9..ae80492 100644
--- a/modules/metadata-service/README.md
+++ b/modules/metadata-service/README.md
@@ -36,6 +36,7 @@ If the `access_list_cidr_blocks` variable is set, only traffic originating from
 | <a name="input_subnet1_id"></a> [subnet1\_id](#input\_subnet1\_id) | First private subnet used for availability zone redundancy | `string` | n/a | yes |
 | <a name="input_subnet2_id"></a> [subnet2\_id](#input\_subnet2\_id) | Second private subnet used for availability zone redundancy | `string` | n/a | yes |
 | <a name="input_vpc_cidr_blocks"></a> [vpc\_cidr\_blocks](#input\_vpc\_cidr\_blocks) | The VPC CIDR blocks that we'll access list on our Metadata Service API to allow all internal communications | `list(string)` | n/a | yes |
+| <a name="input_with_public_ip"></a> [with\_public\_ip](#input\_with\_public\_ip) | Enable private IP by default | `bool` | `false` | no |
 
 ## Outputs
 
diff --git a/modules/metadata-service/ecs.tf b/modules/metadata-service/ecs.tf
index e8c14ca..1abd89d 100644
--- a/modules/metadata-service/ecs.tf
+++ b/modules/metadata-service/ecs.tf
@@ -74,7 +74,7 @@ resource "aws_ecs_service" "this" {
 
   network_configuration {
     security_groups  = [aws_security_group.metadata_service_security_group.id]
-    assign_public_ip = true
+    assign_public_ip = var.with_public_ip
     subnets          = [var.subnet1_id, var.subnet2_id]
   }
 
diff --git a/modules/metadata-service/variables.tf b/modules/metadata-service/variables.tf
index d471bd9..a8f6d31 100644
--- a/modules/metadata-service/variables.tf
+++ b/modules/metadata-service/variables.tf
@@ -109,3 +109,9 @@ variable "vpc_cidr_blocks" {
   type        = list(string)
   description = "The VPC CIDR blocks that we'll access list on our Metadata Service API to allow all internal communications"
 }
+
+variable "with_public_ip" {
+  type        = bool
+  default     = false
+  description = "Enable private IP by default"
+}