What is the best way to make a private ipfs network secure on aws?

I was thinking in terms of a vpn, vpc, subnets, I wondered if anyone had a view about this.

As long as you keep your swarm.key secret, nobody can join or read. Traffic is encrypted.

Note: if you’re looking for the foolproof “most secure” and you can use a VPN, use it. However, you’ll need to make sure IPFS doesn’t try to dial outside of the VPN.