fitgap

Amazon Virtual Private Cloud (Amazon VPC)

Pricing from: Completely free
Free Trial unavailable
Free version
User corporate size: Small, Medium, Large
User industry
  1. Information technology and software
  2. Media and communications
  3. Healthcare and life sciences

What is Amazon Virtual Private Cloud (Amazon VPC)

Amazon Virtual Private Cloud (Amazon VPC) is a virtual networking service that lets organizations define isolated networks within Amazon Web Services (AWS) for running cloud resources. It is used by cloud architects, infrastructure and security teams to design subnets, routing, and connectivity for applications and data. Amazon VPC supports features such as security groups and network ACLs, private connectivity options, and integration with other AWS services for compute, storage, and managed platforms.

Pros

Granular network segmentation controls

Amazon VPC supports multi-subnet designs across availability zones, route tables, and gateways to segment workloads by tier, environment, or compliance boundary. Security groups provide instance-level stateful filtering, while network ACLs provide subnet-level stateless controls. These primitives enable repeatable network patterns for common architectures such as multi-tier applications and shared-services hubs.

Multiple private connectivity options

Amazon VPC provides several ways to connect private networks, including site-to-site VPN, dedicated connectivity via AWS Direct Connect, and VPC peering. It also supports private access to AWS services through VPC endpoints (interface and gateway endpoints), reducing reliance on public internet paths. This helps teams implement hybrid connectivity and service-to-service access patterns with controlled routing.

Deep AWS service integration

Amazon VPC is the default networking layer for many AWS services, which simplifies deploying compute and managed services into controlled subnets. It integrates with AWS identity, logging, and monitoring services (for example, VPC Flow Logs to CloudWatch Logs or S3) to support operational visibility. This tight coupling can reduce the amount of third-party networking tooling needed for AWS-centric environments.

Cons

AWS-specific design lock-in

Amazon VPC constructs and limits (such as VPCs, subnets, route tables, and endpoint types) are specific to AWS and do not translate 1:1 to other cloud providers. Organizations pursuing multi-cloud portability often need abstraction layers or separate network designs per provider. This can increase architecture and operational effort when compared with more uniform cross-cloud networking approaches.

Operational complexity at scale

As environments grow, managing CIDR planning, peering relationships, route propagation, and endpoint policies can become complex. Large organizations often need additional governance, automation, and standardized network patterns to avoid configuration drift. Misconfigurations in routing or security controls can lead to outages or unintended exposure, requiring strong change management.

Costs vary by connectivity choices

While creating a VPC is not typically billed directly, many associated components and traffic patterns incur charges (for example, NAT gateways, VPN connections, data transfer, and some endpoint usage). The most secure or scalable designs can introduce recurring networking costs that are not obvious early in prototyping. Teams usually need cost modeling for data transfer paths and managed gateway usage to avoid surprises.

Plan & Pricing

Pricing model: Pay-as-you-go (usage-based)

Free tier/trial: VPC core has no additional charge; IPAM offers a Free Tier (see notes).

Detailed pricing (selected VPC components & examples from AWS official pricing page):

  • Core Amazon VPC: No additional charge for using a VPC (you can create and use VPCs without a VPC-specific fee). Note: many VPC-related resources (NAT gateways, Elastic IPs, etc.) are billed separately.

  • NAT Gateway

    • Billing: charged per NAT Gateway-hour (billed per hour/per AZ for regional NAT) + data processing charge per GB processed + standard AWS data transfer charges where applicable.
    • Example (US East - Ohio example on AWS page): NAT Gateway hourly charge: $0.045 per hour; NAT Gateway data processing charge: $0.045 per GB.
  • IP Address Manager (IPAM)

    • Two tiers: IPAM Free Tier and IPAM Advanced Tier.
    • IPAM Free Tier: no charge (manages IPs in a single AWS Region/account; features limited compared to Advanced Tier).
    • IPAM Advanced Tier: $0.00027 per active IP address per hour (hourly charge per active IP).
    • Example: 7,000 active IPs x $0.00027/hr yields the examples provided on the AWS page.
  • Traffic Mirroring

    • Billing: hourly per traffic-mirroring session (per ENI) while sessions are active.
    • Example (US East - Ohio): $0.015 per session-hour.
  • Reachability Analyzer

    • Billing: per analysis.
    • Price: $0.10 per analysis.
  • Network Access Analyzer

    • Billing: per ENI analyzed when running an assessment.
    • Price: $0.002 per ENI analyzed (example uses this rate).
  • Public IPv4 Addresses (Elastic IPs / other public IPv4 assigned to account)

    • Billing: hourly charge per public IPv4 address (same rate for in-use and idle addresses).
    • Price: $0.005 per hour per public IPv4 address (in-use or idle).
  • Amazon-provided contiguous IPv4 block

    • Billing: hourly charge per public IPv4 address in the contiguous block.
    • Price: $0.008 per public IPv4 address per hour.
  • VPC Peering

    • Billing: data transfer charges for data sent over peering connections that cross an Availability Zone within the same AWS Region (in and out).
    • Common rate: $0.01 per GB (in and out) for many regions/local zones; a detailed Local Zone table with per-location rates appears on the AWS page.
  • VPC Route Server / Route Server Endpoints

    • The main Amazon VPC pricing page lists VPC Route Server but does not give a per-endpoint price for general VPC Route Server endpoints. (See notes: some AWS product pages that use VPC Route Server endpoints, e.g., Amazon EVS pricing, show endpoint-hour prices such as $0.75 per endpoint-hour for specific product pricing scenarios.)
    • Status on VPC pricing page: a general per-endpoint Route Server price is not clearly listed.
  • VPC Encryption Controls

    • Note: AWS states pricing for VPC Encryption Controls will launch on March 1, 2026. Until then (per the AWS page) customers can use it for free. AWS provides a regional table of the planned price per non-empty VPC per hour (examples below):
      • US East (N. Virginia): $0.15 per non-empty VPC per hour
      • US East (Ohio): $0.15 per non-empty VPC per hour
      • US West (Oregon): $0.15 per non-empty VPC per hour
      • US West (N. California): $0.16 per non-empty VPC per hour
      • (Full region list and per-region hourly prices shown on the AWS page.)

Example costs (selected):

  • NAT Gateway (example region shown on page): $0.045 per NAT-GW-hour + $0.045 per GB processed (example)
  • IPAM Advanced: $0.00027 per active IP per hour
  • Traffic Mirroring: $0.015 per session-hour (example)
  • Reachability Analyzer: $0.10 per analysis
  • Network Access Analyzer: $0.002 per ENI analysis
  • Public IPv4 address (in-use or idle): $0.005 per hour per address
  • Amazon-provided contiguous IPv4 address: $0.008 per hour per address
  • VPC Peering (many regions): $0.01 per GB (in and out)
  • VPC Encryption Controls (effective March 1, 2026): e.g., $0.15 per non-empty VPC per hour in US East (N. Virginia)

Discounts / Notes:

  • Many charges are region-specific; the AWS pricing page provides regional tables where applicable.
  • Standard AWS data transfer charges (EC2 Data Transfer) may also apply in addition to VPC-specific charges (NAT Gateway, peering, etc.).
  • Gateway-type VPC endpoints (e.g., S3 gateway endpoints) have no data-processing or hourly charges, per the AWS page (callout in the NAT Gateway section).

Source: All items and rates above were taken from the official AWS Amazon VPC pricing page and related official AWS pages (Amazon VPC pricing page, AWS docs/examples, and Amazon EVS pricing where Route Server endpoints are referenced).

Seller details

Amazon Web Services, Inc.
Seattle, Washington, USA
2006
Subsidiary
https://aws.amazon.com/
https://x.com/awscloud
https://www.linkedin.com/company/amazon-web-services/

Tools by Amazon Web Services, Inc.

AWS Lambda
AWS Elastic Beanstalk
AWS Serverless Application Repository
AWS Cloud9
AWS Device Farm
AWS AppSync
Amazon API Gateway
AWS Step Functions
AWS Mobile SDK
Amazon Corretto
AWS Amplify
Amazon Pinpoint
AWS App Studio
Honeycode
AWS Batch
AWS CodePipeline
AWS CodeDeploy
AWS CodeStar
AWS CodeBuild
AWS Config

Best Amazon Virtual Private Cloud (Amazon VPC) alternatives

Aptible
Hivelocity
F5 Distributed Cloud Network Connect