Networking

Summary

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. These resources can be public (so they have access to the internet) or private (with no internet access). The groupings they are placed in are called subnets.

EC2 instances and Elastic Load Balancers (ELBs) are placed inside the VPC and, as mentioned above, into different subnets. Subnets are chunks of IP addresses in the VPC that let you group resources together. Subnets control whether the resources are publicly or privately available.
For network traffic to flow in and out of the VPC, a service called Internet Gateway is used.
A Virtual Private Gateway admits only traffic that comes from an approved network, not the public internet. It lets you create a VPN connection from a private network to the VPC.
AWS Direct Connect lets you establish a completely private, dedicated fiber connection from your data center to AWS.


A Network Access Control List (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level. An AWS account's default network ACL is stateless and allows all inbound and outbound traffic.
Security groups answer access questions at the instance level. Every EC2 instance that is launched comes with a security group. By default, the security group forbids any traffic into the instance at all and allows all traffic going out of the instance.
Unlike Network ACL, the Security Group is stateful.
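
The practical consequence of stateless versus stateful shows up on reply traffic. The following is an added example, not AWS code or anything from the original post: a toy Python model in which the packet fields, rule numbers, IP address and port ranges are all constructed assumptions. It shows a custom network ACL dropping the reply to an allowed HTTPS request until an outbound rule for the client's ephemeral port exists, while a security group lets the reply out with no outbound rule.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", seen from the instance
    remote: str     # remote host IP
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    number: int     # network ACL rules are evaluated lowest number first
    direction: str
    ports: range    # destination port range the rule covers
    allow: bool

def nacl_allows(rules, pkt):
    """Stateless: every packet is judged on its own; first matching rule wins."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.direction == pkt.direction and pkt.dst_port in r.ports:
            return r.allow
    return False  # nothing matched: implicit final deny

class SecurityGroup:
    """Stateful: allow rules only; packets on a tracked connection always pass."""
    def __init__(self, inbound, outbound):
        self.rules = {"in": inbound, "out": outbound}
        self.tracked = set()

    def allows(self, pkt):
        conn = (pkt.remote, frozenset((pkt.src_port, pkt.dst_port)))
        if conn not in self.tracked and pkt.dst_port in self.rules[pkt.direction]:
            self.tracked.add(conn)  # a rule matched: start tracking the connection
        return conn in self.tracked

# Constructed sample flow: a client reaches HTTPS on the instance from an ephemeral port.
REQUEST = Packet("in", "203.0.113.10", 50000, 443)
REPLY = Packet("out", "203.0.113.10", 443, 50000)
ANY = range(0, 65536)
DEFAULT_NACL = [Rule(100, "in", ANY, True), Rule(100, "out", ANY, True)]
INBOUND_ONLY = [Rule(100, "in", range(443, 444), True)]
WITH_RETURN = INBOUND_ONLY + [Rule(100, "out", range(1024, 65536), True)]

def roundtrip(allows):
    req = allows(REQUEST)  # the reply only exists if the request got in
    return req, req and allows(REPLY)

if __name__ == "__main__":
    print("NACL, inbound rule only:", roundtrip(lambda p: nacl_allows(INBOUND_ONLY, p)))
    print("SG, inbound rule only:  ", roundtrip(SecurityGroup(range(443, 444), range(0)).allows))
```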


Amazon Route 53 is a Domain Name Service in AWS.
Amazon CloudFront is a content delivery network (CDN): a network that delivers edge content to users based on their geographic location.
