Amazon has VPCs which are virtual private clouds. They let you configure networks with specific requirements, such as being closed off from the outside world.
Once closed off from the world, only your servers within the public subnets can access those in the private subnet. By default, the private subnet can't talk to the outside world. You'd typically setup a NAT instance in your public subnet that tunnels your private subnet's internet to the outside world (because the NAT is in a public subnet, it can access the outside world).
That's just an example setup. It's a very powerful tool for securing your infrastructure. For example, you should typically put your databases, and anything that isn't password protected that stores information or something (except web servers) in a private network so that only your public servers have access to them.
User -> Public Network -> Public Server -> Private Network -> Private Server -> NAT (Tunnel) -> Public Network -> Internet
VPC does take quite a bit of effort to setup, but after that, it's pretty straightforward.
Once closed off from the world, only your servers within the public subnets can access those in the private subnet. By default, the private subnet can't talk to the outside world. You'd typically setup a NAT instance in your public subnet that tunnels your private subnet's internet to the outside world (because the NAT is in a public subnet, it can access the outside world).
That's just an example setup. It's a very powerful tool for securing your infrastructure. For example, you should typically put your databases, and anything that isn't password protected that stores information or something (except web servers) in a private network so that only your public servers have access to them.
User -> Public Network -> Public Server -> Private Network -> Private Server -> NAT (Tunnel) -> Public Network -> Internet
VPC does take quite a bit of effort to setup, but after that, it's pretty straightforward.