Closed andreinechaev closed 2 years ago
@oavdeev Agree, I ran into the same issue today. I was running this: https://github.com/outerbounds/terraform-aws-metaflow/blob/v0.7.1/examples/minimal/minimal_example.tf And because ECS is set to automatically use a private IP, the ECS cannot pull the image for metadata service.
Therefore now the minimal example would not work, since the minimal example uses public subnets for the ECS.
According to AWS, private subnets should have `with_public_ip` set to false and public subnets should have `with_public_ip` set to true.
Link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_cannot_pull_image.html
Maybe it would be good to add this into a quickstart guide or something.
I'm thinking I'll add a note and maybe even remove the default in the next release, so the users have to read the note and make a conscious decision depending on their subnet setup.
@Erin-Boehmer how did this work for you, since you added the option not to assign the IP in the first place in #37?
I believe @andreinechaev ran into this issue with ECS not being able to pull images when it doesn't have an IP address but runs in a public subnet. If it was a private subnet, I think it would be fine granted NAT gateway and Internet gateway are set up as usual.
We should maybe add a note that you should either
- `with_public_ip` to `true`
- `with_public_ip` doesn't matter (?)
- `with_public_ip` to `false`, but configure the module to pull container images from a private repo accessible from within the VPC

I'm now trying to think what's the best way to communicate this to module users 🤔 Maybe add something in the description for the subnet setting too.
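The subnet cases discussed in this thread, written as a preflight check. This is an added example, not part of the original comments or the module's code. The subnet names, route tables and the `registry_in_vpc` flag are constructed assumptions; only `with_public_ip` comes from the thread.

```python
# Added example. Subnet IDs and route tables below are constructed sample data.
# `registry_in_vpc` is a hypothetical flag meaning "images come from a private
# repo reachable from inside the VPC" (the last option in the comment above).

def subnet_kind(routes):
    """Classify a subnet by the target of its 0.0.0.0/0 route."""
    target = next((r["target"] for r in routes if r["dest"] == "0.0.0.0/0"), None)
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "unknown"

def can_pull_image(routes, with_public_ip, registry_in_vpc=False):
    """Return (ok, reason) for one subnet and one with_public_ip setting."""
    if registry_in_vpc:
        return True, "image source is reachable without internet egress"
    kind = subnet_kind(routes)
    if kind == "public":
        if with_public_ip:
            return True, "public subnet, task has a public IP"
        return False, "public subnet but no public IP: no path to the registry"
    if kind == "private":
        return True, "private subnet, egress through the NAT gateway"
    return False, f"{kind} subnet: no known route to the registry"

SUBNETS = {
    "subnet-public-a": [{"dest": "10.0.0.0/16", "target": "local"},
                        {"dest": "0.0.0.0/0", "target": "igw-0example"}],
    "subnet-private-a": [{"dest": "10.0.0.0/16", "target": "local"},
                         {"dest": "0.0.0.0/0", "target": "nat-0example"}],
    "subnet-isolated-a": [{"dest": "10.0.0.0/16", "target": "local"}],
}

def report(with_public_ip, registry_in_vpc=False):
    """Map each sample subnet to True/False: can the task pull its image?"""
    return {name: can_pull_image(routes, with_public_ip, registry_in_vpc)[0]
            for name, routes in SUBNETS.items()}

if __name__ == "__main__":
    for setting in (False, True):
        print(f"with_public_ip={setting}: {report(setting)}")
```

The public subnet with `with_public_ip` off is the only combination that flips from working to failing, which is the case the minimal example hits.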