Multi-AZ VPC architecture spanning two availability zones with public and private subnets for resilient hybrid connectivity. Internet Gateway routes external traffic through redundant NAT Gateways in Public Subnets A and B to EC2 instances in isolated private subnets. Virtual Private Gateway establishes secure VPN tunnel from on-premises network to private workloads across both AZs. This pattern ensures high availability with automatic failover while maintaining strict network segmentation for compliance. Fork this diagram on Diagrams.so to customize CIDR ranges or add additional AZs for your deployment.