The Virtual Private Cloud, a.k.a. EC2-VPC, one of the main components you are bound to use when working with AWS. The first configuration question when working with WorkSpaces, VDI solution, or RDS will be: what VPC do you want?
A VPC is a logically isolated «data center» where your computer instances and various AWS services reside. Any failure to secure a correct VPC is on Amazon, while failure to provide a secure design for the hosted application is on the client.
AWS’s VPCs do not always contain the services promised to the client within themselves. Exposure to such services generally start and end at Layer 3 level, meaning they come from Amazon themselves, and are given whenever they are asked for. This is due to the fact that thousands of customers use them and are running on a massive shared network infrastructure, and running them internally would not offer such a flexible design to them. This is why AWS does not make use of VLANs either, since such technologies cannot scale well. Nor does it use MLPS.