All of our network environments are hosted on a Virtual Private Cloud Network (VPC) on Amazon Web Services. Our Production networks are separated into public and internal services. Incoming internet traffic is not allowed on private subnets, and all application servers reside on private networks that do not have public IP addresses. The load balancers, managed and maintained by Amazon, are the only ones who have inbound access to the internal servers of the application. Additionally, we have firewalls and strict security groups that control incoming and outgoing access to servers. Access to the servers we use is strictly limited, and no external traffic is allowed to them.