Amazon Virtual Private Cloud
Amazon Virtual Private Cloud is a secure and seamless bridge between a company’s existing IT infrastructure and the AWS cloud. Amazon VPC enables enterprises to connect their existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection, and to extend their existing management capabilities such as security services, firewalls, and intrusion detection systems to include their AWS resources.
With Amazon Virtual Private Cloud, you create a VPC by first defining its IP address space. The IP addresses in this address space are private and form a network that is isolated at a packet-routing level from any other network, including the Internet.
You then create subnets, which are segments of a VPC's IP address space. These let you separate the Amazon EC2 instances in the VPC based on security and operational requirements. If you create more than one subnet in a VPC, they're attached to each other by a logical router, in a star topology.
To connect to a VPC, you create a VPN connection, which is a VPN tunnel between a VPC and a data center, home network, or co-location facility. You configure your existing network to route all VPC-bound traffic to the gateway that anchors your end of the VPN connection.
With a VPN connection established, you can launch Amazon EC2 instances into a VPC's subnets; with the appropriate security policy, these instances now appear on your existing network.
VPC traffic bound for the Internet is routed over the VPN to your existing network, where it can be examined by pre-existing network security services, such as firewalls and intrusion detection systems, before exiting your existing network perimeter to the Internet. This is particularly valuable if you're using specialized network appliances and software to enforce security policies.
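The address-planning steps above can be checked before anything is created. The following Python sketch is an added example, not part of the Amazon VPC documentation: it validates that a VPC's address space is private, that each subnet is a segment of it, and that subnets do not overlap. The function names, the CIDR blocks, and the check against existing-network ranges are assumptions made for illustration.

```python
import ipaddress

def validate_vpc_plan(vpc_cidr, subnet_cidrs, existing_cidrs):
    """Return a list of problems in a VPC address plan; an empty list means it passes."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    # The VPC address space is private, so reject publicly routable ranges.
    if not vpc.is_private:
        problems.append(f"VPC {vpc} is not private address space")
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    # Each subnet must be a segment of the VPC's address space.
    for net in subnets:
        if not net.subnet_of(vpc):
            problems.append(f"subnet {net} is outside VPC {vpc}")
    # Subnets separate instances, so no two may share addresses.
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")
    # Assumption (not stated on the page): if the VPC range overlaps a range
    # already used on the existing network, "VPC-bound" routes are ambiguous.
    for net in map(ipaddress.ip_network, existing_cidrs):
        if vpc.overlaps(net):
            problems.append(f"VPC {vpc} overlaps existing network {net}")
    return problems

def next_hop(dest_ip, vpc_cidr):
    """Routing decision on the existing network: VPC-bound traffic goes to the VPN gateway."""
    in_vpc = ipaddress.ip_address(dest_ip) in ipaddress.ip_network(vpc_cidr)
    return "vpn-gateway" if in_vpc else "existing-route"

# Constructed sample plans: (VPC CIDR, subnet CIDRs, existing-network CIDRs).
GOOD_PLAN = ("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24"], ["192.168.0.0/16"])
BAD_PLAN = ("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24"],
            ["10.0.0.0/8"])

if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        print(plan[0], validate_vpc_plan(*plan) or "OK")
    print(next_hop("10.0.2.15", "10.0.0.0/16"))
```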
Amazon VPC has its own set of documentation to describe how to create and use your VPC, subnets, and VPN connection. The following table gives links to the Amazon VPC guides.
Description | Documentation |
---|---|
How to get started using Amazon VPC | |
How to use Amazon VPC through the SOAP and Query APIs | |
Complete descriptions of all the Amazon VPC commands | |
Complete descriptions of the Amazon VPC API operations, data types, and errors | |
Information for the network administrator who needs to configure the gateway at your end of the VPN connection | |