ClusterService, if I don't map an ipv4 on launch, all will fails

Question

I configured my service as

```
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          Subnets:
            - Fn::ImportValue: EffeVpcChunk1DualStackSubnetAArn-staging
            - Fn::ImportValue: EffeVpcChunk1DualStackSubnetBArn-staging
            - Fn::ImportValue: EffeVpcChunk1DualStackSubnetCArn-staging
          SecurityGroups:
            - Ref: ContainerSecurityGroup
```

EC2 Load Balancer is dual stack, using 3 dual stack subnets

When creating the cluster service, I want to avoid mapping of public ipv4 ON THE SINGLE TASKS

I am not trying to avoid ipv4 on ELB, I know it's mandatory. I want to avoid useless ipv4 on singles task.
It's useless, because my cloud front distribution point to load balancers so it's an internal matter of routing, I think.
route table, security groups, nacls, etc are already ok, I forwared in and out traffic, both ipv4 and ipv6. And also allowed in traffic for http port 80 from load balancer security group into container.

Actually it's all working but *every* single task has a public ip. Why ?! How to get rid of this?

i if set `AssignPublicIp: DISABLED`, the service will never start because task deployment fails, for no explained reason at all

Answer

Hello.

I made a similar comment in the question below.  
https://repost.aws/ja/questions/QUeheKOD1VQfeUqhqv2OuxOg/elb-is-now-ipv6-how-to-check-ipv4-and-ipv6-connection-and-if-i-am-still-paying-ipv4-addresses

If automatic public IP assignment is enabled in the ECS service, a public IPv4 is attached to the ECS task.  
Also, if you do not assign a public IPv4 address to the ECS task, you will need to pull the container image from ECR using a NAT Gateway or VPC endpoint.  
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/networking-outbound.html#networking-private-subnet

ClusterService, if I don't map an ipv4 on launch, all will fails

Relevant content