Most organizations today run their production workloads inside Amazon Virtual Private Cloud (Amazon VPC). This software-defined network structure provides the boundaries that are needed for the security that an organization and its customers require. For most organizations, the natural evolution in their architecture, security, and environment involves migrating from a single VPC to multiple VPCs in the same AWS Region and across many other AWS Regions. The question of how to enforce security policies while simplifying the flow of traffic between multiple VPCs, the data center, and remote offices while adhering to AWS best practices becomes an intricate one to answer. In this chalk talk, we provide solutions to scenarios like these and more. Topics include Amazon security groups, NACLs, static and dynamic VPNs, AWS Direct Connect, IPS and IDS, transit VPC architectures, designing for security, and more.