diff --git a/modules/single-node-asg/main.tf b/modules/single-node-asg/main.tf
index d99b37ae..b7d7f6f4 100644
--- a/modules/single-node-asg/main.tf
+++ b/modules/single-node-asg/main.tf
@@ -52,6 +52,32 @@ module "service-data" {
 iam_instance_profile_role_name = module.instance_profile.iam_role_name
 }
 
+resource "aws_eip" "eip" {
+ count = var.assign_eip ? 1 : 0
+ vpc = true
+}
+
+resource "aws_iam_role_policy_attachment" "associate_eip" {
+ role = module.instance_profile.iam_role_name
+ policy_arn = aws_iam_policy.associate_eip_policy.arn
+}
+
+resource "aws_iam_policy" "associate_eip_policy" {
+ name = "associate_address"
+ policy = data.aws_iam_policy_document.associate_eip_policy_doc.json
+}
+
+data "aws_iam_policy_document" "associate_eip_policy_doc" {
+ statement {
+ sid = ""
+ effect = "Allow"
+ actions = [
+ "ec2:AssociateAddress"
+ ]
+ resources = ["*"]
+ }
+}
+
 # Create an ASG with just 1 EC2 instance
 module "server" {
 source = "../asg"
@@ -66,12 +92,11 @@ module "server" {
 max_nodes = 1
 min_nodes = 1
 placement_group = var.placement_group
- public_ip = var.public_ip
+ public_ip = var.assign_eip ? false : var.public_ip
 # the prefix and suffix names are combined in
 # the `asg` module to create the full name
- name_prefix = var.name_prefix
- name_suffix = "${var.name_suffix}-${local.az}"
-
+ name_prefix = var.name_prefix
+ name_suffix = "${var.name_suffix}-${local.az}"
 root_volume_type = var.root_volume_type
 root_volume_size = var.root_volume_size
 security_group_ids = var.security_group_ids
@@ -84,7 +109,12 @@ module "server" {
 # exec > /tmp/init.log
 # exec 2> /tmp/init-err.log
 # set -x
+apt update
 ${var.init_prefix}
+${module.init-install-awscli.init_snippet}
+while ! ${var.assign_eip ? "aws ec2 associate-address --instance-id \"$(ec2metadata --instance-id)\" --region \"${var.region}\" --allocation-id \"${element(aws_eip.eip.*.id, 0)}\"" : "true"}; do
+ sleep 1
+done
 ${module.init-attach-ebs.init_snippet}
 ${var.init_suffix}
 END_INIT
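Review bot: The IAM policy, its attachment and the policy document in the first hunk are created unconditionally, so every instance role built by this module receives `ec2:AssociateAddress` on `*` even when `var.assign_eip` is false, while the EIP itself is gated by `count`. Gating the three IAM resources on the same `count` and referencing the policy as `aws_iam_policy.associate_eip_policy[0].arn` limits the grant to the case that needs it, and `resources` could be narrowed from `*` to the EIP allocation and instance ARNs where the action supports resource-level permissions. The fixed `name = "associate_address"` will also collide when this module is instantiated twice in one account, which `name_prefix` avoids; the empty `sid = ""` can simply be dropped.
```hcl
resource "aws_iam_role_policy_attachment" "associate_eip" {
  count      = var.assign_eip ? 1 : 0
  role       = module.instance_profile.iam_role_name
  policy_arn = aws_iam_policy.associate_eip_policy[0].arn
}

resource "aws_iam_policy" "associate_eip_policy" {
  count       = var.assign_eip ? 1 : 0
  name_prefix = "associate_address"
  policy      = data.aws_iam_policy_document.associate_eip_policy_doc[0].json
}

data "aws_iam_policy_document" "associate_eip_policy_doc" {
  count = var.assign_eip ? 1 : 0
  statement {
    effect  = "Allow"
    actions = ["ec2:AssociateAddress"]
    # TODO(review): scope to the EIP allocation / instance ARNs instead of "*"
    resources = ["*"]
  }
}
```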
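Review bot: The `while ! …; do sleep 1; done` loop around `aws ec2 associate-address` in the third hunk retries forever with no cap and no logging, so a permanent failure (IAM denied, wrong region, or the CLI snippet on the previous line having failed) leaves the instance spinning silently instead of failing the boot visibly. Because the second hunk forces `public_ip = false` whenever `assign_eip` is true, the instance has no public address until this call succeeds, so it can only reach the EC2 API through a NAT gateway or an EC2 VPC endpoint; that prerequisite is not stated anywhere, and `apt update` also assumes a Debian-based AMI. It is also worth confirming that a plan with `assign_eip = false` does not fail on `element(aws_eip.eip.*.id, 0)` over the empty list in the unselected branch. A bounded loop that logs and exits non-zero keeps the failure observable; the `module "server"` block this heredoc belongs to starts before and ends after the hunk.
```hcl
attempts=0
while ! ${var.assign_eip ? "aws ec2 associate-address --instance-id \"$(ec2metadata --instance-id)\" --region \"${var.region}\" --allocation-id \"${element(aws_eip.eip.*.id, 0)}\"" : "true"}; do
  attempts=$((attempts + 1))
  if [ "$attempts" -ge 60 ]; then
    echo "associate-address failed after $attempts attempts" >&2
    exit 1
  fi
  sleep 5
done
# … unchanged: init-attach-ebs snippet, init_suffix, END_INIT …
```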
@@ -97,3 +127,7 @@ module "init-attach-ebs" {
 region = var.region
 volume_id = module.service-data.volume_id
 }
+
+module "init-install-awscli" {
+ source = "../init-snippet-install-awscli"
+}
diff --git a/modules/single-node-asg/outputs.tf b/modules/single-node-asg/outputs.tf
index d2bbbbdc..79106a09 100644
--- a/modules/single-node-asg/outputs.tf
+++ b/modules/single-node-asg/outputs.tf
@@ -12,3 +12,7 @@ output "data_volume_name_tag" {
 value = "${local.data_volume_name_prefix}-${local.az}"
 description = "Name tag value for attached data volume"
 }
+
+output "eip_address" {
+ value = var.assign_eip ? aws_eip.eip.*[0].public_ip : ""
+}
diff --git a/modules/single-node-asg/variables.tf b/modules/single-node-asg/variables.tf
index 97de3191..b06b9093 100644
--- a/modules/single-node-asg/variables.tf
+++ b/modules/single-node-asg/variables.tf
@@ -62,7 +62,7 @@ variable "data_volume_size" {
 variable "data_volume_encrypted" {
 default = true
 description = "Boolean, whether or not to encrypt the EBS block device"
- type = string
+ type = bool
 }
 
 variable "data_volume_kms_key_id" {
@@ -98,7 +98,7 @@ variable "init_suffix" {
 variable "public_ip" {
 default = true
 description = "Boolean flag to enable/disable `map_public_ip_on_launch` in the launch configuration"
- type = string
+ type = bool
 }
 
 variable "subnet_id" {
@@ -121,3 +121,9 @@ variable "load_balancers" {
 description = "The list of load balancers names to pass to the ASG module"
 type = list(string)
 }
+
+variable "assign_eip" {
+ default = false
+ description = "Whether or not associating an EIP with the node."
+ type = bool
+}
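Review bot: The new `eip_address` output in outputs.tf is the only output without a `description`, while the sibling output in the context lines carries one; suggest `description = "Public IP of the Elastic IP associated with the node; empty when assign_eip is false"`. The value `aws_eip.eip.*[0].public_ip` mixes splat and index syntax where `aws_eip.eip[0].public_ip` reads more plainly, and it is worth confirming that a plan with `assign_eip = false` does not error on the `[0]` index in the unselected branch of the conditional.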
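Review bot: The `assign_eip` description in the last variables.tf hunk reads awkwardly and does not mention the side effect the same commit introduces, namely that `public_ip` is forced to false when the flag is set; suggest `description = "Whether to allocate an Elastic IP and associate it with the node from the init script (when true, public_ip is forced to false)."`. The `public_ip` description changed in the earlier hunk of this file would benefit from the same cross-reference, since a caller setting both flags currently gets no indication that one overrides the other.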