What is AWS VPC (Virtual Private Cloud)?
Why Interviewers Ask This
Interviewers use this question to quickly assess whether a candidate has the foundational knowledge required for AWS / Cloud Computing development. It reveals whether you understand the building blocks that more complex concepts rely on.
Answer
Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. You control the networking: IP address range, subnets, route tables and network gateways. Key components:

1. CIDR block: the IP address range for the VPC (e.g., 10.0.0.0/16, which gives 65,536 addresses).
2. Subnets: segments of the VPC IP range, each in a specific Availability Zone (AZ). Public subnets are internet accessible; private subnets have no direct internet access. A subnet CIDR must be a subset of the VPC CIDR.
3. Internet Gateway (IGW): allows communication between the VPC and the internet. Attach it to the VPC and add a route to it in the public subnet's route table.
4. Route Tables: rules that determine where network traffic is directed. Each subnet is associated with one route table.
5. NAT Gateway: lets instances in private subnets reach the internet (outbound only) while remaining private. Managed and highly available; charged per hour plus data processed.
6. Security Groups: stateful virtual firewalls at the instance level; allow/deny inbound and outbound traffic by protocol, port and IP.
7. Network ACLs (NACLs): stateless firewalls at the subnet level; allow/deny rules evaluated in order.
8. VPC Peering: connects two VPCs privately.
9. VPC Endpoints: private connectivity to AWS services without traversing the internet (Gateway endpoints for S3 and DynamoDB are free; Interface endpoints for other services use PrivateLink).
10. VPN Gateway: connects an on-premises network to the VPC.

Default VPC: AWS creates one per region with public subnets. Use it for quick starts, but create custom VPCs for production.
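Two of the rules above are easy to get wrong in practice: every subnet CIDR must sit inside the VPC CIDR without overlapping its neighbours, and a subnet is only "public" because its route table sends 0.0.0.0/0 to an Internet Gateway (a NAT Gateway route gives outbound-only egress instead). The following added example (not from the original answer) checks a constructed VPC design for both; the VPC layout, route tables and resource IDs are made up.

```python
"""Sanity-check a VPC design: subnet CIDRs must lie inside the VPC CIDR and
not overlap, and a subnet counts as public only if its route table sends
0.0.0.0/0 to an Internet Gateway (igw-*). A default route to a NAT Gateway
(nat-*) makes it private with egress. Sample design below is constructed."""
import ipaddress

# Constructed sample design with fictitious IDs, not a real account.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "public-a":  {"cidr": "10.0.1.0/24",   "az": "us-east-1a", "rtb": "rtb-public"},
    "private-a": {"cidr": "10.0.10.0/24",  "az": "us-east-1a", "rtb": "rtb-private"},
    "bad-cidr":  {"cidr": "10.1.0.0/24",   "az": "us-east-1b", "rtb": "rtb-private"},
    "overlap":   {"cidr": "10.0.1.128/25", "az": "us-east-1b", "rtb": "rtb-public"},
}
ROUTE_TABLES = {
    "rtb-public":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0abc")],
    "rtb-private": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0def")],
}

def validate_subnets(vpc_cidr, subnets):
    """Return a list of problems: subnets outside the VPC range or overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside VPC {vpc}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap ({nets[a]} / {nets[b]})")
    return problems

def classify_subnet(subnet, route_tables):
    """'public' if the default route targets an IGW, 'private-egress' if it
    targets a NAT Gateway, otherwise 'isolated' (no default route at all)."""
    for dest, target in route_tables[subnet["rtb"]]:
        if dest == "0.0.0.0/0":
            if target.startswith("igw-"):
                return "public"
            if target.startswith("nat-"):
                return "private-egress"
    return "isolated"

if __name__ == "__main__":
    for p in validate_subnets(VPC_CIDR, SUBNETS):
        print("PROBLEM:", p)
    for name, s in SUBNETS.items():
        print(f"{name:10} {s['cidr']:15} {classify_subnet(s, ROUTE_TABLES)}")
```

Running it flags the subnet outside the VPC range and the overlapping pair, and shows that a subnet's public/private status follows from its route table rather than from its name.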
Pro Tip
Back up your answer with a specific project or situation. Saying 'In my last AWS / Cloud Computing project, I used this when...' immediately makes your answer more credible and memorable.