A VLAN (Virtualized [private] LAN) is a LAN all to yourself, on top of a real shared multitenant LAN, through the magic of virtualization.
So a VPC (Virtualized Private Cloud) is "a cloud" (e.g. the whole of AWS), all to yourself, on top of a real shared multitenant Cloud, through the magic of virtualization.
In both cases, the traffic going over the LAN or Cloud is isolated from other tenants by the virtualization mechanism, so you don't need to encrypt said traffic the way you would in an untrusted "just leasing several random VMs in separate racks in a colo and having them communicate over the colo's shared LAN" environment (which is what AWS's pre-VPC "Classic" EC2 environment was.)
Right. What really makes this work is that Amazon builds their own specialized routers.[1] They have a control plane hidden from their customers, one which lets them set customer-visible MAC and IP addresses more or less arbitrarily.
'All problems in computer science can be solved by another layer of indirection. But that usually will create another problem'. - David Wheeler.
So a VPC (Virtualized Private Cloud) is "a cloud" (e.g. the whole of AWS), all to yourself, on top of a real shared multitenant Cloud, through the magic of virtualization.
In both cases, the traffic going over the LAN or Cloud is isolated from other tenants by the virtualization mechanism, so you don't need to encrypt said traffic the way you would in an untrusted "just leasing several random VMs in separate racks in a colo and having them communicate over the colo's shared LAN" environment (which is what AWS's pre-VPC "Classic" EC2 environment was.)