VPC / IAM / Security Group
Amazon Virtual Private Cloud permits users to logically separate virtual networks that host their AWS resources and provides you complete control over access to your AWS network.
Within a VPC, security groups act as a basic firewall and control what inbound and outbound connections are permitted to each given resource. For example, a security group can allow inbound HTTPS traffic to a proxy server but block all other inbound traffic.
With AWS Identity and Access Management (IAM), access to AWS resources and services can be controlled at a more fine-grained level. For example, IAM can be leveraged to control who or which resources can access S3 buckets used by Shotgun.