AWS: VPC. Subnets. Route Tables. SGs. NACLs. IG. NAT GW/NAT Instance.

Azure: VPC is called Virtual Network, which I think is a better name personally. NSG and ASG.

GCP: VPC is tied to a single region. Subnets can span multiple zones within the region. Network tags, applies firewall rules to instances with a specific network tag. Firewall rules are both allow/deny can target IPs, Subnets, Network tags, service account. By default, all regions can talk to each other without touching the internet.