
Amazon VPC (Virtual Private Cloud) is the networking backbone of every AWS architecture — and one of the most complex topics on SAA-C03, SAP-C02, and the Advanced Networking Specialty (ANS-C01). Nearly every exam question involving multi-tier applications, security isolation, hybrid connectivity, or high availability touches VPC concepts.
The VPC service cheat sheet covers the fundamentals: CIDR block sizing, public vs private subnets, Internet Gateway vs NAT Gateway vs NAT Instance, route table rules, security groups (stateful) vs NACLs (stateless), VPC endpoints (Gateway vs Interface/PrivateLink), and DNS resolution settings. It also covers the key limits: 5 VPCs per region by default, 200 subnets per VPC, and the requirement that peered VPCs use non-overlapping CIDR blocks.
The networking comparison sheets resolve the hardest VPC architecture decisions. VPC Peering vs Transit Gateway vs PrivateLink is the definitive guide to inter-VPC connectivity — when peering works (small number of VPCs, no transitive routing needed), when Transit Gateway is required (hub-and-spoke at scale), and when PrivateLink is the right choice (exposing a service without exposing the VPC). Security Groups vs NACLs clarifies the stateful vs stateless distinction that appears on virtually every networking question.
For hybrid connectivity, the Direct Connect vs VPN vs Internet comparison covers bandwidth, latency, cost, and reliability trade-offs. These scenarios are heavily tested on SAP-C02 and ANS-C01 — understanding when to use Direct Connect (consistent bandwidth, private connectivity) vs Site-to-Site VPN (encrypted overlay, lower cost) vs Transit Gateway with multiple attachments is essential.
The VPC Networking Fundamentals architecture guide ties everything together — CIDR planning for multi-region deployments, Transit Gateway route domains, PrivateLink design patterns, and the security architecture of a well-designed multi-tier VPC with public, private, and isolated subnet tiers.
Amazon VPC: The Network Foundation of AWS
Isolate, secure, and connect your AWS resources with full network control — the backbone of every AWS architecture.
AWS Transit Gateway: The Cloud Network Hub
One gateway to connect thousands of VPCs, on-premises networks, and AWS services — at scale.
AWS Direct Connect: The Private Highway to the Cloud
Dedicated, consistent, low-latency private network connectivity between your data center and AWS — bypassing the public internet entirely.
VPC Peering vs Transit Gateway vs PrivateLink: The Definitive AWS Networking Comparison
Stop guessing which to use — master the decision framework that separates passing candidates from failing ones
Security Groups vs NACLs: The Definitive Network Defense Comparison
Master stateful vs stateless firewall logic — the concept that separates passing candidates from failing ones
Direct Connect vs VPN vs Internet: The Definitive Connectivity Showdown
Choose the right AWS network path — performance, security, cost, and compliance decoded
CloudFront vs Global Accelerator: The Definitive Edge Networking Showdown
Cache it or accelerate it — know exactly which AWS edge service to reach for and why
VPC Networking Fundamentals: The Complete Architect's Blueprint
Master AWS virtual networking from CIDR to connectivity — pass every cert question with confidence
Hybrid Connectivity Patterns: Bridging On-Premises to AWS Like a Pro
Master every pattern for connecting your data center to AWS — and never miss an exam question about it.