fix(events): fix ECS target in Isolated subnet (#3786)

ECS targets used to request `assignPublicIp: true` in `Isolated`
subnets, which obviously is not going to work. Make sure that it will
only use request IP addresses in Public subnets.

Author: rix0rrr

packages/@aws-cdk/aws-events-targets/lib/ecs-task.ts

@@ -116,7 +116,7 @@ export class EcsTask implements events.IRuleTarget {
     // when using awsvpc network mode.
     if (this.taskDefinition.networkMode === ecs.NetworkMode.AWS_VPC) {
       const subnetSelection = this.props.subnetSelection || { subnetType: ec2.SubnetType.PRIVATE };
-      const assignPublicIp = subnetSelection.subnetType === ec2.SubnetType.PRIVATE ? 'DISABLED' : 'ENABLED';
+      const assignPublicIp = subnetSelection.subnetType === ec2.SubnetType.PUBLIC ? 'ENABLED' : 'DISABLED';
 
       new custom.AwsCustomResource(this.taskDefinition, `${rule.node.id}${id}PutTargets`, {
         // `onCreate´ defaults to `onUpdate` and we don't need an `onDelete` here

packages/@aws-cdk/aws-events-targets/test/ecs/event-rule-target.test.ts

@@ -251,3 +251,60 @@ test("Can use same fargate taskdef multiple times in a rule", () => {
     }]
   }))).not.toThrow();
 });
+
+test("Isolated subnet does not have AssignPublicIp=true", () => {
+  // GIVEN
+  const stack = new cdk.Stack();
+  const vpc = new ec2.Vpc(stack, 'Vpc', {
+    maxAzs: 1,
+    subnetConfiguration: [{
+      subnetType: ec2.SubnetType.ISOLATED,
+      name: 'Isolated'
+    }]
+   });
+  const cluster = new ecs.Cluster(stack, 'EcsCluster', { vpc });
+
+  const taskDefinition = new ecs.FargateTaskDefinition(stack, 'TaskDef');
+  taskDefinition.addContainer('TheContainer', {
+    image: ecs.ContainerImage.fromRegistry('henk'),
+  });
+
+  const rule = new events.Rule(stack, 'Rule', {
+    schedule: events.Schedule.expression('rate(1 min)')
+  });
+
+  // WHEN
+  rule.addTarget(new targets.EcsTask({
+    cluster,
+    taskDefinition,
+    taskCount: 1,
+    subnetSelection: { subnetType: ec2.SubnetType.ISOLATED },
+    containerOverrides: [{
+      containerName: 'TheContainer',
+      command: ['echo', 'yay'],
+    }]
+  }));
+
+  // THEN
+  expect(stack).toHaveResourceLike('Custom::AWS', {
+    Update: {
+      service: "CloudWatchEvents",
+      apiVersion: "2015-10-07",
+      action: "putTargets",
+      parameters: {
+        Targets: [
+          {
+            EcsParameters: {
+              LaunchType: "FARGATE",
+              NetworkConfiguration: {
+                awsvpcConfiguration: {
+                  AssignPublicIp: "DISABLED",
+                }
+              },
+            },
+          }
+        ]
+      }
+    }
+  });
+});