What it is: A logically isolated network in AWS where you launch resources (EC2, RDS, EKS nodes, etc.).

What it’s for:

• Control IP ranges, subnets, routing, and firewall rules.
• Separate public-facing resources from private/internal resources.

Key ideas:

• You choose a CIDR block (IP range) for the VPC.
• VPC contains subnets (usually one subnet per AZ).
• Routing is controlled by route tables.
• Security is enforced using security groups and network ACLs.

Exam cues:

• “isolated network in AWS” → VPC.
• “public vs private network design” → VPC with public/private subnets + IGW/NAT.

Hard words (English + IPA + Vietnamese meaning):

• *virtual* /ˈvɝːtʃuəl/: ảo
• *private* /ˈpraɪvət/: riêng tư/nội bộ
• *isolated* /ˈaɪsəleɪtɪd/: cô lập
• *CIDR* /ˈsaɪdər/ (thường đọc “cider”): dải IP theo kiểu 10.0.0.0/16

Child pages:

• Subnet
• Route Table
• Internet Gateway (IGW)
• NAT Gateway
• Security Group
• Network ACL (NACL)
• VPC Endpoint