Security Groups and NACLs
How Security Groups (stateful, per-instance) and NACLs (stateless, per-subnet) form different layers of defense in a VPC, plus the common pitfalls each surface.
Comparing the four mechanisms that connect a VPC to other VPCs, on-premises networks, and external services — Peering, Transit Gateway, Site-to-Site VPN, and PrivateLink — across topology and cost.
How Route Tables decide traffic paths inside a VPC, the role of Internet Gateway and NAT Gateway as external exits, and the actual meaning of Public/Private Subnet.
How a VPC simulates a private network boundary by combining IP CIDR, Subnet, and Tenancy. Includes a vendor naming map across AWS / GCP / Azure / Alibaba.