You can use Amazon VPC to host multi-tier web applications and strictly enforce access and security restrictions between your webservers, application servers, and databases. You can launch webservers in a publicly accessible subnet and application servers and databases in non-publically accessible subnets. The application servers and databases can’t be directly accessed from the Internet, but they can still access the Internet via a NAT gateway to download patches, for example. You can control access between the servers and subnets using inbound and outbound packet filtering provided by network access control lists and security groups. To create a VPC that supports this use case, you can select "VPC with Public and Private Subnets" in the Amazon VPC console wizard.
Typical Use Case: Early stage startup workloads, quick prototypes, prelaunch experimentations, dev/test environments, microservices node, code repositories, dedicated application servers for light workloads. Resource intensive workloads like data aggregation, gaming front-ends, video encoding, high performance computing, batch processing. Also see our managed services for Startupreneurs.