This chapter focused heavily on the VPC and how the different components of this infrastructure can come together to restrict and control access both at a network and instance level through the use of NACLs and security groups. It also covered how segmenting a network can also prevent unauthorized access through layered network protection by keeping some subnets private and some public.
A VPN acts as a base for your resources that can be deployed across different regions and Availability Zones, and so understanding where you can control access and how is fundamental in ensuring its protection. All rules added to NACLs and security groups, as well as rules added to route tables, should be refined and as detailed as possible in line with the Principle of Least Privilege (PoLP).
In the next chapter, we are going to look at how we can protect our web applications through the use of AWS Web Application Firewall, elastic load balancers, and AWS API Gateway.