diff --git a/main.tf b/main.tf
index a4944a8..de9e6ff 100644
--- a/main.tf
+++ b/main.tf
@@ -85,7 +85,7 @@ resource "aws_subnet" "public" {
   cidr_block                      = var.public_subnet_cidrs[count.index]
   ipv6_cidr_block                 = cidrsubnet(aws_vpc.main.ipv6_cidr_block, 8, var.ipv6_public_subnet_netnum_offset + count.index)
   availability_zone               = element(local.azs, count.index)
-  map_public_ip_on_launch         = true
+  map_public_ip_on_launch         = var.map_public_ip_on_launch
   assign_ipv6_address_on_creation = true
 
   tags = merge(
diff --git a/variables.tf b/variables.tf
index 6682089..2e4a6d2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -41,6 +41,12 @@ variable "ipv6_private_subnet_netnum_offset" {
   default     = -1
 }
 
+variable "map_public_ip_on_launch" {
+  description = "Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is true."
+  type        = bool
+  default     = true
+}
+
 variable "create_nat_gateways" {
   description = "Optionally create NAT gateways (which cost $) to provide internet connectivity to the private subnets."
   type        = bool