Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.
In ECS, service network configuration is defined by the task definition and, when the awsvpc network mode is used, when a service is started in a cluster. When starting a new service, you can choose to enable or disable the use of a public IP address. Follow the AWS documentation (below) on creating new task definitions and using them in an ECS cluster.
In Terraform -
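An added Terraform example (not from the original page or the AWS documentation) of an awsvpc service with the public IP disabled. The resource names, variables, task sizes and container port are placeholder assumptions.

```hcl
# Added example: every name, variable and size below is a placeholder.
variable "cluster_arn" { type = string }
variable "image" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "service_security_group_id" { type = string }

# The task definition selects the awsvpc network mode.
resource "aws_ecs_task_definition" "app" {
  family                   = "example-app"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = "256"
  memory                   = "512"

  container_definitions = jsonencode([{
    name         = "app"
    image        = var.image
    essential    = true
    portMappings = [{ containerPort = 8080 }]
  }])
}

# The service supplies the network configuration for awsvpc tasks.
resource "aws_ecs_service" "app" {
  name            = "example-app"
  cluster         = var.cluster_arn
  task_definition = aws_ecs_task_definition.app.arn
  desired_count   = 1
  launch_type     = "FARGATE"

  network_configuration {
    subnets         = var.private_subnet_ids
    security_groups = [var.service_security_group_id]

    # Non-compliant setting: assign_public_ip = true
    # Setting it to false explicitly (it is also the provider default)
    # keeps the intent visible in code review.
    assign_public_ip = false
  }
}
```

Tasks without a public IP still need a route to pull their image, such as a NAT gateway or VPC endpoints for the image registry.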
References:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#network_mode?icmpid=docs_ecs_hp-task-definition
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#assign_public_ip