Amazon have a Virtual Private Cloud product. Chef has a few problems taking advantage of VPC:
(1) You must specify a new parameter subnetID to say which of your private subnets you want the instance to run under
(2) You cannot provide a groupSet as well as a subnetID
(3) Most of the AMIs we have tested have problems resolving hostname and any public DNS addresses, making startup really slow and apt-get updates fail
(4) By default, VPC gives out IP addresses sequentially, leading to problems with strict host key checking in SSH
We have modified Chef 0.9.8 (see http://github.com/tecnh/chef/tree/0.9.8-vpc for the fork) to work with VPC. Unfortunately, Fog also needs a few minor modifications to support the subnetID parameter, which you can find at http://github.com/tecnh/fog/tree/0.2.22-vpc
We have signed the corporate agreement and are waiting for approved developer status before progressing this ticket.