A VPC provides network isolation and control in cloud environments, forming the foundation of cloud network security.
VPC components
- Subnets: IP address ranges within the VPC (public or private).
- Route tables: Rules for directing network traffic.
- Internet gateway: Enables internet access for public subnets.
- NAT gateway: Allows private subnet resources to reach the internet for outbound traffic without being reachable from it.
- Security groups: Stateful instance-level firewalls.
- Network ACLs: Stateless subnet-level firewalls.
Security best practices
- Use private subnets for databases and internal services.
- Implement security groups with least-privilege rules.
- Enable VPC Flow Logs for network visibility.
- Use VPC endpoints for private access to cloud services.
- Implement network segmentation between workloads.
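As an added example (not code from this page), the following audit checks security group ingress rules for the least-privilege practice above. It runs over a constructed sample shaped like the output of `aws ec2 describe-security-groups`; the group ids, names and the admin-port list are assumptions.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Only the fields the audit reads are modelled (assumption).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},          # fine for a web tier
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},          # SSH open to the world
     ]},
    {"GroupId": "sg-0bbb", "GroupName": "db",
     "IpPermissions": [
         {"IpProtocol": "-1",                               # all protocols/ports
          "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},         # whole VPC, too broad
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]},    # least-privilege: web SG only
     ]},
]

# Management and database ports that should never be exposed to 0.0.0.0/0 (assumed list).
ADMIN_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 27017}


def rule_findings(group_id, perm):
    """Return (group_id, reason) tuples for one ingress permission."""
    findings = []
    all_ports = perm["IpProtocol"] == "-1"
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    if (lo, hi) == (0, 65535):
        all_ports = True
    # IPv4 and IPv6 CIDR sources; security-group references (UserIdGroupPairs)
    # are the preferred least-privilege pattern and are not flagged.
    sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    for cidr in sources:
        net = ipaddress.ip_network(cidr)
        world_open = net.prefixlen == 0          # 0.0.0.0/0 or ::/0
        if all_ports:
            findings.append((group_id, f"all traffic allowed from {net}"))
        elif world_open and any(lo <= p <= hi for p in ADMIN_PORTS):
            findings.append((group_id, f"admin port {lo}-{hi} open to {net}"))
    return findings


def audit(groups):
    """Collect findings for every ingress rule of every security group."""
    return [f for g in groups for perm in g["IpPermissions"]
            for f in rule_findings(g["GroupId"], perm)]
```

`audit(SAMPLE_GROUPS)` flags the world-open SSH rule on `sg-0aaa` and the all-traffic rule on `sg-0bbb`, while the database rule that references the web security group passes.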
Provider terminology
- AWS: VPC (Virtual Private Cloud)
- Azure: VNet (Virtual Network)
- GCP: VPC (Virtual Private Cloud)
Advanced features
- VPC Peering: Connect VPCs across accounts or regions.
- Transit Gateway: Hub-and-spoke network architecture.
- PrivateLink/Private Endpoints: Private connectivity to services.
- VPC Service Controls (GCP): Data exfiltration prevention.