Home/Glossary/Virtual Private Cloud (VPC)

Virtual Private Cloud (VPC)

An isolated virtual network within a cloud provider where you can launch resources with control over IP addressing, subnets, and routing.

Cloud SecurityAlso called: "virtual network", "vnet", "cloud network"

A VPC provides network isolation and control in cloud environments, forming the foundation of cloud network security.

VPC components

  • Subnets: IP address ranges within the VPC (public or private).
  • Route tables: Rules for directing network traffic.
  • Internet gateway: Enables internet access for public subnets.
  • NAT gateway: Allows private subnet resources to reach internet.
  • Security groups: Stateful instance-level firewalls.
  • Network ACLs: Stateless subnet-level firewalls.

Security best practices

  • Use private subnets for databases and internal services.
  • Implement security groups with least-privilege rules.
  • Enable VPC Flow Logs for network visibility.
  • Use VPC endpoints for private access to cloud services.
  • Implement network segmentation between workloads.

Provider terminology

  • AWS: VPC (Virtual Private Cloud)
  • Azure: VNet (Virtual Network)
  • GCP: VPC (Virtual Private Cloud)

Advanced features

  • VPC Peering: Connect VPCs across accounts or regions.
  • Transit Gateway: Hub-and-spoke network architecture.
  • PrivateLink/Private Endpoints: Private connectivity to services.
  • VPC Service Controls (GCP): Data exfiltration prevention.

Related Tools

Related Articles

View all articles
Threat Modeling with STRIDE and DREAD: A Complete Guide to Proactive Security Architecture

Threat Modeling with STRIDE and DREAD: A Complete Guide to Proactive Security Architecture

Master threat modeling with STRIDE and DREAD frameworks to identify, classify, and prioritize security threats before they become vulnerabilities. This comprehensive guide covers data flow diagrams, mitigation mappings, MITRE ATT&CK integration, and building an enterprise threat modeling program.

Read article →
30 Cloud Security Tips for 2026: Essential Best Practices for Every Skill Level

30 Cloud Security Tips for 2026: Essential Best Practices for Every Skill Level

Master cloud security with 30 actionable tips covering AWS, Azure, and GCP.

Read article →
Zero Trust Architecture: A Practical Guide for Cloud Security

Zero Trust Architecture: A Practical Guide for Cloud Security

Learn how to implement Zero Trust architecture in AWS, Azure, and GCP. This guide covers the core principles, implementation strategies, and common pitfalls.

Read article →
Cloud Security Assessment: A Complete Guide

Cloud Security Assessment: A Complete Guide

We uncover the hidden misconfigurations and over-permissioned access putting your cloud environment at risk — and show you exactly how to fix them, fast.

Read article →

Explore More Cloud Security

View all terms

AWS Security Hub

AWS service that aggregates security findings from multiple AWS services and third-party tools, providing a unified view of security posture.

Read more →

CASB (Cloud Access Security Broker)

A security solution that sits between cloud service users and cloud applications to enforce security policies, provide visibility, and protect data.

Read more →

Cloud Security Posture Management (CSPM)

Continuous monitoring and remediation of cloud misconfigurations across accounts, services, and regions.

Read more →

Cloud Workload Protection Platform (CWPP)

Security tooling that safeguards cloud-native workloads—containers, serverless functions, and VMs—across build and runtime.

Read more →

Cloud-Native Application Protection Platform (CNAPP)

A unified security platform that combines CSPM, CWPP, and other cloud security capabilities into a single solution.

Read more →

Microsegmentation

A network security technique that divides the network into isolated segments, applying granular access controls between workloads.

Read more →
Back to glossary