Amazon Virtual Private Cloud (VPC) enables you to build a secure virtual network in the Amazon cloud.
Creating a VPC requires no hardware or physical data centres. You can define your own network space and control how your network and the EC2 resources inside it are exposed to the internet.
What sort of security options do I have over my virtual private network?
You can leverage the security options in AWS VPC to provide more granular access both to and from the EC2 instances in your virtual network.
You can create a public-facing subnet for your web servers that have access to the internet, and a private-facing subnet with no internet access for backend systems such as databases and app servers.
What if I don't want to connect my secure network to the public-facing internet, and want to restrict it to the corporate network?
You can create a hardware virtual private network connection between your corporate data centre and your Amazon VPC.
The VPC can be used to enable inbound and outbound filtering at the instance level and the subnet level.
For storing data, you can use S3 and restrict access so that it is only accessible from instances in your VPC.
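One way to express and audit the S3 restriction described above, as an added example that is not part of the original page: it builds a bucket policy that denies requests not arriving from the VPC and checks whether a given policy really enforces that. The bucket name, the VPC ID and the function names are constructed placeholders, and the example assumes traffic reaches S3 through a VPC endpoint, since the `aws:SourceVpc` condition key is only populated in that case.

```python
import json

# Constructed placeholders (assumptions, not values from the page).
BUCKET = "example-bucket"
VPC_ID = "vpc-EXAMPLE"

def vpc_only_policy(bucket, vpc_id):
    """Bucket policy that denies every S3 action unless the request
    arrived through a VPC endpoint belonging to vpc_id."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideVpc",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpc": vpc_id}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def restricted_to_vpc(policy, bucket, vpc_id):
    """True only if a Deny statement covers all principals, all S3 actions,
    the bucket and its objects, for requests not coming from vpc_id."""
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for st in _as_list(policy.get("Statement", [])):
        cond = st.get("Condition", {}).get("StringNotEquals", {})
        if (st.get("Effect") == "Deny"
                and st.get("Principal") in ("*", {"AWS": "*"})
                and set(_as_list(st.get("Action", []))) & {"s3:*", "*"}
                and wanted <= set(_as_list(st.get("Resource", [])))
                and _as_list(cond.get("aws:SourceVpc", [])) == [vpc_id]):
            return True
    return False

# Weak variant (constructed): an Allow with a VPC condition does not block
# access granted elsewhere, e.g. by IAM policies on other principals.
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*",
    "Condition": {"StringEquals": {"aws:SourceVpc": VPC_ID}}}]}

if __name__ == "__main__":
    print(json.dumps(vpc_only_policy(BUCKET, VPC_ID), indent=2))
    print(restricted_to_vpc(WEAK, BUCKET, VPC_ID))
```

A blanket Deny like this also blocks console and administrative access from outside the VPC, so it is usually applied only after access from inside the VPC has been confirmed.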