What do you like best?
VPC (Virtual Private Cloud) is a very simple solution to implement either manually or through the wizard which will configure the network for you automatically, which allows you to create cloud based resources with private IP space.
You assign a CIDR block (typically /16, although configurable) to your VPC and then carve up subnets within that addressable space. Subnets are bound to Availability Zones, that is, independent data centers within a particular AWS region. It is just a couple of clicks to create subnets to which your resources can be assigned.
A virtual private gateway can be created with a few mouse clicks to establish a VPN tunnel to your on-prem networks, a NAT gateway can be created to allow your non-public IP based hosts to access the Internet, and finally an Internet gateway can be created to allow hosts with public IPs to accept non-solicited traffic from the Internet.
A main route table is created for you that handles all of the inter-subnet routing on your behalf. The only routing you have to manually add is identifying which of the above gateways to send traffic through, e.g. my on-prem network is 192.168.x.x and it should go through my virtual private gateway. All Internet traffic should route through my NAT Gateway, so 0.0.0.0 (default route) should go through here.
Extremely simple to implement, can stand all of the networking up in less than 10 minutes
What do you dislike?
There is some layer of abstraction that prevents the network team from having the amount of control they are used to. Keep in mind that AWS is a layer-3 network, and as such some of the familiar layer-2 concepts are no longer in play. Not a dislike per se, but something to be aware of.
Recommendations to others considering the product:
It is really the only option to use if leveraging EC2 resources. If you have an older account, you may have been set up with an EC2-Classic account, but there would be no reason not to upgrade the older account.
All newer accounts using EC2-based products will automatically launch as EC2-VPC.
What problems are you solving with the product? What benefits have you realized?
We have securely migrated some of our production workloads to AWS using a VPC based network.
We have only a few externally accessible endpoints to our application. While we wished to expose those to the Internet, we wanted to ensure that our back-end systems, databases, etc. had no presence on the Internet, while allowing our on-premises user base to continue to access those systems for general maintenance and support. Running our systems in a VPC allows us to achieve all of these objectives, while also allowing us to operate separate VPCs for dev/test environments to allow for more network separation, also a key design goal of ours.
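The following is an added example, not part of the review above and not AWS code: it models the layout the reviewer describes (a /16 VPC carved into per-AZ subnets, a route table with a local route, an on-prem prefix via the virtual private gateway, and a default route via a NAT or Internet gateway) and shows how longest-prefix matching decides which gateway a packet uses. The VPC block 10.0.0.0/16, the on-prem block 192.168.0.0/16, the AZ names and the gateway IDs are constructed placeholders, not real identifiers. The overlap check goes slightly beyond the review: it rejects subnets that fall outside the VPC block or overlap each other, which is the mistake the wizard would refuse for you.

```python
"""Added example (not from the review or AWS): carve a VPC CIDR into
subnets and resolve next hops by longest-prefix match, the way a VPC
route table does."""
import ipaddress

# Constructed values; real VPCs use whatever CIDR you assign.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
ON_PREM = ipaddress.ip_network("192.168.0.0/16")
LOCAL = "local"  # every VPC route table carries the VPC CIDR as a 'local' route


def carve_subnets(vpc, new_prefix, azs):
    """Hand out one subnet of size /new_prefix per Availability Zone."""
    candidates = list(vpc.subnets(new_prefix=new_prefix))
    if len(azs) > len(candidates):
        raise ValueError("not enough subnets of that size in the VPC block")
    return {az: candidates[i] for i, az in enumerate(azs)}


def check_subnets(vpc, subnets):
    """Reject subnets outside the VPC block or overlapping one another."""
    nets = list(subnets.values())
    for net in nets:
        if not net.subnet_of(vpc):
            raise ValueError(f"{net} is outside {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return True


def route(table, dst):
    """Return the target for dst: the most specific matching prefix wins,
    so 0.0.0.0/0 only catches traffic no narrower route claims."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


# Gateway IDs are placeholders, not real AWS resource IDs.
PRIVATE_ROUTES = [          # back-end subnets: no inbound path from the Internet
    (str(VPC_CIDR), LOCAL),
    (str(ON_PREM), "vgw-PLACEHOLDER"),
    ("0.0.0.0/0", "nat-PLACEHOLDER"),
]
PUBLIC_ROUTES = [           # the few externally reachable endpoints
    (str(VPC_CIDR), LOCAL),
    (str(ON_PREM), "vgw-PLACEHOLDER"),
    ("0.0.0.0/0", "igw-PLACEHOLDER"),
]


def demo():
    """Carve two /24s, validate them, and resolve a few sample destinations."""
    subnets = carve_subnets(VPC_CIDR, 24, ["zone-a", "zone-b"])
    check_subnets(VPC_CIDR, subnets)
    return {
        "subnets": {az: str(n) for az, n in subnets.items()},
        "db_to_onprem": route(PRIVATE_ROUTES, "192.168.10.5"),   # vgw
        "db_to_internet": route(PRIVATE_ROUTES, "203.0.113.10"),  # nat
        "db_to_peer": route(PRIVATE_ROUTES, "10.0.1.20"),         # local
        "web_to_internet": route(PUBLIC_ROUTES, "203.0.113.10"),  # igw
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the table makes visible is that the on-prem /16 and the VPC's own block are matched before the default route, so a private subnet's default route through the NAT gateway never steals traffic meant for the VPN, and the only table that names the Internet gateway is the one attached to the public subnets.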