VPC

When creating a VPC you must specify a:

Region (a VPC spans multiple Availability Zones)
IP Adress range in CIDR notation.

Within a VPC (and within an AvailabilityZone) you can create subnets to allow fine grained restrictions (e.g. public services accessible on the internet and private services).
aws_vpc.png|undefined

A VPC can be connected to external networks by creating routes in the RouteTable to an Internet Gateway or a Virtual Private Gateway. There are VPC Security features that can be used to additionally control which traffic goes where.

Within a subnet AWS has

Reserved IP Addresses

Within a VPC subnet AWS will reserve 5 IP addresses:

.0 -> Network address
.1 -> VPC local router
.2 -> DNS
.3 -> Future Use
.255 -> Broadcast address