How do you approach VPC design, security groups, and IAM roles to ensure secure networking within an AWS environment?