Cloud & Infrastructure
VPC
Also known as: Virtual Private Cloud
A VPC (Virtual Private Cloud) is a logically isolated network within a public cloud provider where you define your own IP addressing, subnets, routing, and security policies — your private network environment inside AWS, Azure, or GCP.
When you deploy resources in AWS, Azure, or GCP, they run inside a VPC — a virtual network that you own and control within the cloud provider's infrastructure. Your VMs, databases, and containers communicate on private IP addresses that you define, behind security groups and network ACLs that you configure, without being accessible to other tenants or the internet unless you explicitly allow it.
A VPC mirrors on-premises network concepts — subnets, route tables, gateways — implemented in software within the cloud. You define CIDR blocks for the VPC and subdivide them into subnets, typically across multiple availability zones for redundancy.
Key components:
Subnets — public subnets (with internet gateway routes, for load balancers and bastion hosts) and private subnets (no direct internet access, for databases and application servers).
Security groups — stateful firewall rules attached to individual resources. Define what traffic is allowed inbound and outbound per resource.
Network ACLs — stateless rules at the subnet level. An additional layer of traffic control on top of security groups.
VPC peering / Transit gateway — connect VPCs to each other or to on-premises networks. Enables private connectivity between cloud environments without traffic traversing the public internet.
For organizations using cloud infrastructure, the VPC is the foundational construct. Proper VPC design — subnet segmentation, security group hygiene, private vs public subnet placement — is the cloud equivalent of network segmentation on-premises.
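The following is an added illustration, not code from the original entry or from any cloud provider's SDK: a small Python model of the controls described above (public vs private subnets, stateful security groups, stateless network ACLs) that evaluates whether a client connection to a resource succeeds. The topology, addresses, rule shapes and the `client_can_reach` / `misplaced_resources` helpers are all constructed for this example. It makes concrete the difference the entry draws between the two filtering layers: a security group that admits a request implicitly admits the reply, while a network ACL must also carry an outbound rule for the client's ephemeral port, otherwise the reply is dropped even though the request got in.

```python
"""Toy model of VPC traffic controls (constructed example, not a provider API).

Models the two filtering layers described in the entry:
  - security groups: stateful, per-resource; a permitted request implies its reply
  - network ACLs:    stateless, per-subnet; request and reply are judged separately
and the public/private subnet distinction (a route to an internet gateway).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VPC_CIDR = "10.0.0.0/16"          # assumed VPC address block for the sample topology
EPHEMERAL = (1024, 65535)         # port range clients typically use for return traffic


def inside_vpc(ip):
    """True when `ip` belongs to this VPC's CIDR block."""
    return ip_address(ip) in ip_network(VPC_CIDR)


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" or "out", relative to the resource/subnet
    port_range: tuple     # (low, high), inclusive
    cidr: str             # peer address range this rule applies to

    def matches(self, direction, port, peer_ip):
        low, high = self.port_range
        return (self.direction == direction and low <= port <= high
                and ip_address(peer_ip) in ip_network(self.cidr))


@dataclass
class SecurityGroup:
    """Stateful: only the initiating packet is checked; the reply is implicitly allowed."""
    rules: list

    def allows_flow(self, direction, port, peer_ip):
        return any(r.matches(direction, port, peer_ip) for r in self.rules)


@dataclass
class NetworkAcl:
    """Stateless: every packet, request or reply, is evaluated on its own."""
    rules: list

    def allows_packet(self, direction, port, peer_ip):
        return any(r.matches(direction, port, peer_ip) for r in self.rules)


@dataclass
class Subnet:
    name: str
    cidr: str
    routes_to_igw: bool   # a route to an internet gateway is what makes a subnet "public"
    acl: NetworkAcl

    @property
    def is_public(self):
        return self.routes_to_igw


def client_can_reach(subnet, sg, client_ip, service_port, client_port):
    """Evaluate a TCP connection from client_ip to a resource in `subnet`.

    Returns (allowed, reason). The request (client -> service_port) must pass the
    security group and the NACL; the reply (resource -> client_port) is covered
    by the stateful security group automatically but must be explicitly allowed
    outbound by the stateless NACL.
    """
    if not subnet.is_public and not inside_vpc(client_ip):
        return False, "private subnet has no internet route"
    if not sg.allows_flow("in", service_port, client_ip):
        return False, "security group denies inbound request"
    if not subnet.acl.allows_packet("in", service_port, client_ip):
        return False, "NACL denies inbound request"
    if not subnet.acl.allows_packet("out", client_port, client_ip):
        return False, "NACL denies outbound reply (stateless: no ephemeral-port rule)"
    return True, "allowed"


def misplaced_resources(placements):
    """Flag resources the entry says belong in private subnets (databases,
    application servers) that have been placed in a public subnet.
    `placements` is a list of (resource_name, role, subnet)."""
    return [name for name, role, subnet in placements
            if role in {"database", "app-server"} and subnet.is_public]


# --- constructed sample topology -------------------------------------------
web_sg = SecurityGroup([Rule("in", (443, 443), "0.0.0.0/0")])

# NACL that admits HTTPS but lacks the outbound return rule a stateless filter needs
acl_missing_reply = NetworkAcl([Rule("in", (443, 443), "0.0.0.0/0")])
# NACL with the ephemeral-port outbound rule added
acl_ok = NetworkAcl([Rule("in", (443, 443), "0.0.0.0/0"),
                     Rule("out", EPHEMERAL, "0.0.0.0/0")])

public_broken = Subnet("public-a", "10.0.1.0/24", True, acl_missing_reply)
public_ok = Subnet("public-b", "10.0.2.0/24", True, acl_ok)
private = Subnet("private-a", "10.0.10.0/24", False, acl_ok)

if __name__ == "__main__":
    for sn in (public_broken, public_ok, private):
        print(sn.name, client_can_reach(sn, web_sg, "198.51.100.7", 443, 51000))
    print(misplaced_resources([("orders-db", "database", public_ok),
                               ("web-lb", "load-balancer", public_ok)]))
```

Run as a script it prints one verdict per subnet for an external client on 198.51.100.7 (a constructed address): the subnet with the incomplete NACL rejects the reply, the corrected one allows the connection, and the private subnet is unreachable from outside the VPC but reachable from an in-VPC peer. The last line lists `orders-db` as the one resource whose placement contradicts the private-subnet guidance in the entry.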