You can use Amazon Virtual Private Cloud to create a logically isolated section of the AWS Cloud. Within the VPC, you can define your desired IP address range, create subnets, configure route tables, and so forth. You can also use a network gateway to connect the VPC to your existing on-premises network using a hardware Virtual Private Network (VPN) connection. The VPN running in the AWS Cloud (also known as a VPN gateway or VGW) communicates with a customer gateway (CGW) on your network or in your data center (read about Your Customer Gateway to learn more).
Source: EC2 VPC VPN Update – NAT Traversal, Additional Encryption Options, and More | AWS Official Blog
This raises some interesting possibilities for secure applications that would benefit from the heightened security for the data being moved.