How do you design VPCs, security groups, and network ACLs to secure data in transit at Amazon Services?