In the AWS cloud, you can set up a software-defined network called virtual private cloud (VPC). Similar to a physical network, each VPC has its own IP addresses, subnets, route tables, and firewalls. You can organize your multiple instances by locking them in a VPC and set up a different network configuration for each cluster of instances, like so:
VPC is there to protect your resources. Without such system in place, all of your resources in your AWS account are exposed to the public Internet unguarded. Apparently, AWS used to be lacking this security feature until it enforced a VPC by default for every new instance in 2009. With VPC, you can have control over what traffic you want to allow or deny to reach your resources.
This also means that you would need to configure some stuff. Specifically, you will be prompted to select the IP address range, create subnets, configure route table, set up network gateways, define security setting using security groups and network access control lists (ACLs). Lots of AWS lingos and design concerns here. These concepts will make a lot more sense when you actually apply to your application. So now it is your turn to sign into your console and create your own custom VPC.