The Amazon VPC architecture is designed according to AWS best practices and includes public and private subnets. The first set of private subnets shares the default network access control list (ACL) from the Amazon VPC, and a second, optional set of private subnets include dedicated custom network ACLs per subnet. The Quick Start divides the Amazon VPC address space in a predictable manner across multiple Availability Zones, and deploys either NAT instances or NAT gateways for outbound Internet access, depending on the AWS Region you deploy the Quick Start in.