parallelCluster compute node public IP addresses?

After poking around I think I understand. It looks like what ParallelCluster does is create/generate two new security groups. The first (called something like "parallelcluster- clustername -MasterSecurityGroup-) allows inbound ssh and inbound traffic from the 2nd group ("parallelcluster- clustername -ComputeSecurityGroup-"). This last group allow inbound only from the Master sg and the Compute sg (i.e. other nodes in the compute group i suppose).

I don't quite understand why I'd need public IPv4 addresses for the compute nodes, but *shrug*

If you use a single subnet for master and compute nodes, with an Internet Gateway, then you'll need to assign public IPs to all your nodes. An alternative setup is to use a different subnet for the compute nodes and specify it with compute_subnet_id. In the compute subnet you can disable auto assign public ips and use a NAT gateway. Then you can SSH into your compute nodes by using the master as a Proxy node. First SSH into the master and then ssh into the compute node but don't forget to enable ssh agent forwarding or to copy the ssh key needed for the compute nodes to the master node.

Please take a look at the networking setup described here: https://aws-parallelcluster.readthedocs.io/en/latest/networking.html#aws-parallelcluster-with-awsbatch-scheduler. Although this setup is described for the awsbatch scheduler it should work fine with the other schedulers and might be exactly what you are looking for.