====== VPC (Virtual Private Cloud) ======

**What it is:** A logically isolated network in AWS where you launch resources (EC2, RDS, EKS nodes, etc.).

**What it’s for:**
  * Control IP ranges, subnets, routing, and firewall rules.
  * Separate public-facing resources from private/internal resources.

**Key ideas:**
  * You choose a **CIDR block** (IP range) for the VPC.
  * A VPC contains [[aws:network:subnet|subnets]] (usually one subnet per AZ).
  * Routing is controlled by [[aws:network:route-table|route tables]].
  * Security is enforced using [[aws:network:security-group|security groups]] and [[aws:network:nacl|network ACLs]].

**Exam cues:**
  * “isolated network in AWS” → VPC.
  * “public vs private network design” → VPC with public/private subnets + IGW/NAT.

**Hard words (English + IPA + meaning):**
  * *virtual* /ˈvɝːtʃuəl/: virtual
  * *private* /ˈpraɪvət/: private/internal
  * *isolated* /ˈaɪsəleɪtɪd/: isolated
  * *CIDR* /ˈsaɪdər/ (usually pronounced “cider”): an IP range written like 10.0.0.0/16

**Child pages:**
  * [[aws:network:subnet|Subnet]]
  * [[aws:network:route-table|Route Table]]
  * [[aws:network:internet-gateway|Internet Gateway (IGW)]]
  * [[aws:network:nat-gateway|NAT Gateway]]
  * [[aws:network:security-group|Security Group]]
  * [[aws:network:nacl|Network ACL (NACL)]]
  * [[aws:network:vpc-endpoint|VPC Endpoint]]
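The public/private design from the key ideas and exam cues, as an added example that is not part of this wiki page and does not call AWS: it carves a VPC CIDR into one subnet per AZ per tier with the standard library, builds the route table each tier should have, and audits the tables so a private subnet that ends up with a default route to the IGW is flagged. The VPC CIDR, AZ names and target labels (''igw'', ''nat'') are constructed sample values.

```python
import ipaddress

# Constructed sample values (not from the page): VPC range and AZs.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-1a", "us-east-1b"]


def carve_subnets(vpc_cidr=VPC_CIDR, azs=AZS, new_prefix=24):
    """Return {(tier, az): subnet_cidr} with one public and one private
    subnet per AZ, carved in order from the VPC CIDR."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    layout = {}
    for tier in ("public", "private"):
        for az in azs:
            layout[(tier, az)] = str(next(blocks))
    return layout


def default_route_target(tier):
    """Public subnets send 0.0.0.0/0 to the IGW; private subnets go via NAT."""
    return {"public": "igw", "private": "nat"}[tier]


def build_route_tables(layout, vpc_cidr=VPC_CIDR):
    """Return {subnet_cidr: {"tier", "az", "routes"}}; 'local' covers the VPC."""
    tables = {}
    for (tier, az), cidr in layout.items():
        tables[cidr] = {
            "tier": tier,
            "az": az,
            "routes": {vpc_cidr: "local", "0.0.0.0/0": default_route_target(tier)},
        }
    return tables


def audit_route_tables(tables):
    """Flag tables that break the public/private separation."""
    findings = []
    for cidr, info in tables.items():
        target = info["routes"].get("0.0.0.0/0")
        if info["tier"] == "private" and target == "igw":
            findings.append(f"{cidr}: private subnet routes 0.0.0.0/0 to IGW")
        if info["tier"] == "public" and target != "igw":
            findings.append(f"{cidr}: public subnet lacks IGW default route")
    return findings


if __name__ == "__main__":
    tables = build_route_tables(carve_subnets())
    tables["10.0.2.0/24"]["routes"]["0.0.0.0/0"] = "igw"  # simulate a misconfiguration
    print(audit_route_tables(tables))
```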