Access control implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
A typical example of this is in ERPs where access controls defines what access codes a process owner has and what access a reviewer and an approval has. Where a personnel has access to carry out a transaction, review and approve the transaction, access controls are said to be deficient.
VPC, Subnets, Route Table(s), Nat Gateway, and Internet Gateway. These are the least required services to provide internet access to a private EC2 instance. NAT gateway requires an internet gateway.
