A virtual private cloud (VPC) is an isolated network environment that you can configure to meet your business requirements in different scenarios.
Applications that are hosted in a VPC can provide external services. To control access to the applications over the Internet, you can create security group rules and whitelists. You can also isolate application servers from databases to implement access control. For example, you can deploy web servers in a subnet that allows access to the Internet, and deploy the databases in another subnet that denies access to the Internet.
Host applications that require access to the Internet
You can host applications that require access to the Internet in a subnet of a VPC and use a NAT gateway to route network traffic. You can configure SNAT rules to allow instances in the subnet to access the Internet without the need to expose the private IP addresses. In addition, you can change the public IP address that is used to access the Internet at any time to prevent attacks from the Internet.
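The two-subnet layout with security group whitelists described at the top of this page, together with the NAT gateway and SNAT rule described in this section, as an added Terraform example that is not part of the original page. It assumes the Terraform "alicloud" provider resource and attribute names; the zone ID, CIDR blocks and ports are placeholders.

```hcl
# Added example, not from the page; names assume the Terraform alicloud provider; zone ID and CIDRs are placeholders.
resource "alicloud_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
resource "alicloud_vswitch" "web" { # public tier: the only subnet reachable from the Internet
  vpc_id     = alicloud_vpc.main.id
  cidr_block = "10.0.1.0/24"
  zone_id    = "cn-hangzhou-h"
}
resource "alicloud_vswitch" "db" { # private tier: no rule below opens it to 0.0.0.0/0
  vpc_id     = alicloud_vpc.main.id
  cidr_block = "10.0.2.0/24"
  zone_id    = "cn-hangzhou-h"
}
resource "alicloud_security_group" "web" { vpc_id = alicloud_vpc.main.id }
resource "alicloud_security_group" "db" { vpc_id = alicloud_vpc.main.id }
resource "alicloud_security_group_rule" "web_https_in" { # whitelist: only HTTPS from the Internet
  type              = "ingress"
  ip_protocol       = "tcp"
  policy            = "accept"
  nic_type          = "intranet"
  port_range        = "443/443"
  security_group_id = alicloud_security_group.web.id
  cidr_ip           = "0.0.0.0/0"
}
resource "alicloud_security_group_rule" "db_from_web" { # DB port reachable only from the web security group
  type                     = "ingress"
  ip_protocol              = "tcp"
  policy                   = "accept"
  nic_type                 = "intranet"
  port_range               = "3306/3306"
  security_group_id        = alicloud_security_group.db.id
  source_security_group_id = alicloud_security_group.web.id
}
resource "alicloud_nat_gateway" "egress" { # outbound-only Internet access for the DB subnet
  vpc_id     = alicloud_vpc.main.id
  vswitch_id = alicloud_vswitch.web.id
  nat_type   = "Enhanced"
}
resource "alicloud_eip_address" "nat" {}
resource "alicloud_eip_association" "nat" { # the public IP can be swapped later by re-pointing this
  allocation_id = alicloud_eip_address.nat.id
  instance_id   = alicloud_nat_gateway.egress.id
  instance_type = "Nat"
}
resource "alicloud_snat_entry" "db_egress" { # SNAT: DB subnet egress leaves via the EIP, private IPs stay hidden
  snat_table_id     = alicloud_nat_gateway.egress.snat_table_ids
  source_vswitch_id = alicloud_vswitch.db.id
  snat_ip           = alicloud_eip_address.nat.ip_address
}
```

No inbound rule or DNAT entry references the DB subnet, so it can reach the Internet through SNAT but cannot be reached from it.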
Implement cross-zone disaster recovery
You can create vSwitches to divide a VPC into one or more subnets. vSwitches within the same VPC can communicate with each other. To implement cross-zone disaster recovery, you can deploy resources across vSwitches in different zones.
Isolate business systems
VPCs are logically isolated from each other. You can use multiple VPCs to isolate business systems in different environments such as production and test environments. To allow business systems deployed in two VPCs to communicate with each other, you can create a peering connection between the VPCs. For more information, see What is a peering connection?
Build a hybrid cloud
To expand your on-premises network, you can create a dedicated connection between a VPC and your data center. This allows you to seamlessly migrate the application systems in your data center to the cloud. You do not need to change the access method for the applications.