Home/Glossary/Virtual Private Cloud (VPC)

Virtual Private Cloud (VPC)

An isolated virtual network within a cloud provider where you can launch resources with control over IP addressing, subnets, and routing.

Cloud SecurityAlso called: "virtual network", "vnet", "cloud network"

A VPC provides network isolation and control in cloud environments, forming the foundation of cloud network security.

VPC components

  • Subnets: IP address ranges within the VPC (public or private).
  • Route tables: Rules for directing network traffic.
  • Internet gateway: Enables internet access for public subnets.
  • NAT gateway: Allows private subnet resources to reach internet.
  • Security groups: Stateful instance-level firewalls.
  • Network ACLs: Stateless subnet-level firewalls.

Security best practices

  • Use private subnets for databases and internal services.
  • Implement security groups with least-privilege rules.
  • Enable VPC Flow Logs for network visibility.
  • Use VPC endpoints for private access to cloud services.
  • Implement network segmentation between workloads.

Provider terminology

  • AWS: VPC (Virtual Private Cloud)
  • Azure: VNet (Virtual Network)
  • GCP: VPC (Virtual Private Cloud)

Advanced features

  • VPC Peering: Connect VPCs across accounts or regions.
  • Transit Gateway: Hub-and-spoke network architecture.
  • PrivateLink/Private Endpoints: Private connectivity to services.
  • VPC Service Controls (GCP): Data exfiltration prevention.

Related Tools

Related Articles

View all articles
Cloud Migration & Validation Workflow | Complete Migration

Cloud Migration & Validation Workflow | Complete Migration

Execute flawless cloud migrations using proven 7R strategies, AWS Well-Architected Framework, and comprehensive validation at every stage—from discovery to production optimization.

Read article →
Multi-Cloud Cost Optimization Workflow

Multi-Cloud Cost Optimization Workflow

Master the complete 8-stage multi-cloud cost optimization workflow used by FinOps practitioners. Learn how to eliminate $44.5B in cloud waste through visibility, rightsizing, commitment planning, and continuous monitoring across AWS, Azure, and GCP.

Read article →
What are network ports and why do they matter?

What are network ports and why do they matter?

Learn about network ports, their role in computer communication, and why they

Read article →
What are well-known ports vs registered ports?

What are well-known ports vs registered ports?

Learn the difference between well-known ports and registered ports, their use cases, and how they

Read article →

Explore More Cloud Security

View all terms

AWS Security Hub

AWS service that aggregates security findings from multiple AWS services and third-party tools, providing a unified view of security posture.

Read more →

Cloud Security Posture Management (CSPM)

Continuous monitoring and remediation of cloud misconfigurations across accounts, services, and regions.

Read more →

Cloud Workload Protection Platform (CWPP)

Security tooling that safeguards cloud-native workloads—containers, serverless functions, and VMs—across build and runtime.

Read more →

Cloud-Native Application Protection Platform (CNAPP)

A unified security platform that combines CSPM, CWPP, and other cloud security capabilities into a single solution.

Read more →

Microsegmentation

A network security technique that divides the network into isolated segments, applying granular access controls between workloads.

Read more →

Shared Responsibility Model

A framework that outlines which security tasks the cloud provider handles versus what the customer must secure.

Read more →
Back to glossary