In 2009, Amazon launched the Virtual Private Cloud (also known as Amazon VPC), which makes it possible for customers to create their own isolated set of Amazon EC2 instances to connect to their existing network over a secured VPN connection to a datacenter. This promises enterprise-level security. Today, Amazon Web Services is extended the functionality of VPC, allowing users to make their VPC directly accessible to the internet (bypassing the need for a VPN).
Users can actually specify which of their Amazon VPC resources they wish to make directly accessible to the Internet and which they do not. Customers have more control over the virtual networking environment, including selection of IP address range, creation of subnets, and configuration of route tables and network gateways.
Part of today’s upgrade offers more customization for VPC users. Enterprise users can create a public-facing subnet for web servers that have access to the Internet, and placing backend systems such as databases or application servers in a private-facing subnet with no Internet access (and a VPN connection).
Users can also store data in storage device Amazon S3 and set permissions so the data can only be accessed from within Amazon VPC or attach an Amazon Elastic IP Address to any Amazon VPC instance so it can be reached directly from the Internet.
Essentially this gives enterprises more flexibility with making private clouds either more accessible or private. As companies become comfortable with a more public facing cloud, it makes sense to give users options with their data security.