stop auto assign Public EIP to management interfaces #120

@jollymahn

Is your feature request related to a problem?

Set create public IP to false across all example tfvars. Use NAT-GW for mgt internet access instead.

  mgmt = {
    device_index      = 1
    security_group    = "vmseries_mgmt"
    vpc               = "security_vpc"
    subnet_group      = "mgmt"
    create_public_ip  = false
    source_dest_check = true
  }

Describe the solution you'd like

You should use a NAT GW for MGT internet access.

  routes = {
    # Value of next_hop_key must match keys used to create TGW attachment, IGW, GWLB endpoint or other resources
    # Value of next_hop_type is internet_gateway, nat_gateway, transit_gateway_attachment or gwlbe_endpoint
    mgmt_default = {
      vpc           = "security_vpc"
      subnet_group  = "mgmt"
      to_cidr       = "0.0.0.0/0"
      next_hop_key  = "security_nat_gw"
      next_hop_type = "nat_gateway"
    }
  }

Describe alternatives you've considered.

Push updates and software from Panorama.

Additional context

It is not best practice to apply an EIP to the management interface.
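
A pre-merge check for the setting requested above, as an added example that is not part of the original issue or the project's code: it scans tfvars text for `create_public_ip = true` on interfaces in the management subnet group and for management default routes that do not use `nat_gateway`. The sample input is constructed, the function names are hypothetical, and identifying management interfaces by `subnet_group = "mgmt"` is an assumption taken from the snippets in the issue.

```python
import re

# Constructed sample tfvars (not from the repository); keys are the ones shown in the issue.
SAMPLE_TFVARS = '''
interfaces = {
  mgmt = {
    subnet_group      = "mgmt"
    create_public_ip  = true
  }
  public = {
    subnet_group     = "public"
    create_public_ip = true
  }
}
routes = {
  mgmt_default = {
    subnet_group  = "mgmt"
    to_cidr       = "0.0.0.0/0"
    next_hop_type = "internet_gateway"
  }
}
'''

ASSIGN = re.compile(r'^([\w-]+)\s*=\s*(.+)$')

def blocks(text):
    """Yield (dotted_path, scalar_attrs) for each `name = { ... }` map, at any nesting depth."""
    stack = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()  # drop comments (assumes no '#' inside strings)
        if line == '}' and stack:
            yield stack.pop()
        elif (m := ASSIGN.match(line)):
            key, value = m.groups()
            if value == '{':
                stack.append((f'{stack[-1][0]}.{key}' if stack else key, {}))
            elif stack:
                stack[-1][1][key] = value.strip('"')

def lint_mgmt_exposure(text, mgmt_group='mgmt'):
    """Flag public IPs and non-NAT default routes on the management subnet group."""
    findings = []
    for path, attrs in blocks(text):
        if attrs.get('subnet_group') != mgmt_group:
            continue  # only management-subnet interfaces and routes are in scope
        if attrs.get('create_public_ip', '').lower() == 'true':
            findings.append(f'{path}: create_public_ip is true on a management interface')
        if attrs.get('to_cidr') == '0.0.0.0/0' and attrs.get('next_hop_type') != 'nat_gateway':
            findings.append(f"{path}: default route via {attrs.get('next_hop_type')}, expected nat_gateway")
    return findings
```

Calling `lint_mgmt_exposure(SAMPLE_TFVARS)` reports the management interface and the management default route, and leaves the public dataplane interface alone.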
