`network` Map
The `network` section contains parameters for connecting to AWS resources in a VPC.

network.`connect` Bool or Map
Enable [Service Connect](../developing/svc-to-svc-communication.en.md#service-connect) for your service, which makes the traffic between services load balanced and more resilient. Defaults to `false`.

When using it as a map, you can specify which alias to use for this service. Note that the alias must be unique within the environment.

network.connect.`alias` String
A custom DNS name for this service exposed to Service Connect. Defaults to the service name.

network.`vpc` Map
Subnets and security groups attached to your tasks.

network.vpc.`placement` String or Map
When using it as a string, the value must be one of `'public'` or `'private'`. Defaults to launching your tasks in public subnets.

!!! info
    If you launch tasks in `'private'` subnets and use a Copilot-generated VPC, Copilot will automatically add NAT Gateways to your environment for internet connectivity. (See [pricing](https://aws.amazon.com/vpc/pricing/).) Alternatively, when running `copilot env init`, you can import an existing VPC with NAT Gateways, or one with VPC endpoints for isolated workloads. See our [custom environment resources](../developing/custom-environment-resources.en.md) page for more.

When using it as a map, you can specify in which subnets Copilot should launch ECS tasks. For example:

```yaml
network:
  vpc:
    placement:
      subnets: ["SubnetID1", "SubnetID2"]
```

network.vpc.placement.`subnets` Array of Strings or Map
As a list of strings, the subnet IDs where Copilot should launch ECS tasks.

As a map, the name-value pairs by which to filter your subnets. Note that the filters are joined with an `AND`, and the values for each filter are joined by an `OR`.
For example, both subnets with tag set `org: bi` and `type: public`, and subnets with tag set `org: bi` and `type: private` will be matched by:

```yaml
network:
  vpc:
    placement:
      subnets:
        from_tags:
          org: bi
          type:
            - public
            - private
```

network.vpc.placement.subnets.`from_tags` Map of String and String or Array of Strings
Tag sets by which to filter subnets where Copilot should launch ECS tasks.

network.vpc.`security_groups` Array of Strings or Map
Additional security group IDs associated with your tasks.

```yaml
network:
  vpc:
    security_groups: [sg-0001, sg-0002]
```

Copilot includes a security group so containers within your environment can communicate with each other. To disable the default security group, you can specify the `Map` form:

```yaml
network:
  vpc:
    security_groups:
      deny_default: true
      groups: [sg-0001, sg-0002]
```

network.vpc.security_groups.`from_cfn` String
The name of a [CloudFormation stack export](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html).

network.vpc.security_groups.`deny_default` Boolean
Disable the default security group that allows ingress from all services in your environment.

network.vpc.security_groups.`groups` Array of Strings
Additional security group IDs associated with your tasks.

network.vpc.security_groups.groups.`from_cfn` String
The name of a [CloudFormation stack export](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html).
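The following is an added example, not Copilot's own code: it models the `network.vpc` rules described above (public placement by default, `from_tags` filters joined with `AND` and their values with `OR`, default security group kept unless `deny_default` is set) so a manifest can be reviewed before deployment. The function names and the `SUBNETS` inventory are hypothetical and constructed for illustration.

```python
# Added example (not Copilot's code): preview what a `network` section resolves to.
# SUBNETS is a constructed inventory; in practice it would come from your VPC.
SUBNETS = [
    {"id": "subnet-aaa", "tags": {"org": "bi", "type": "public"}},
    {"id": "subnet-bbb", "tags": {"org": "bi", "type": "private"}},
    {"id": "subnet-ccc", "tags": {"org": "hr", "type": "private"}},
    {"id": "subnet-ddd", "tags": {"org": "bi"}},  # no `type` tag at all
]

def matches_from_tags(tags, from_tags):
    """Every filter key must match (AND); any listed value may match (OR)."""
    for key, wanted in from_tags.items():
        values = wanted if isinstance(wanted, list) else [wanted]
        if tags.get(key) not in values:
            return False
    return True

def resolve_placement(vpc, subnets):
    """Return 'public'/'private', or the explicit list of subnet IDs."""
    placement = vpc.get("placement", "public")  # default stated on the page
    if isinstance(placement, str):
        return placement
    chosen = placement.get("subnets", [])
    if isinstance(chosen, dict):  # map form: filter the inventory by tags
        rules = chosen.get("from_tags", {})
        return [s["id"] for s in subnets if matches_from_tags(s["tags"], rules)]
    return list(chosen)

def resolve_security_groups(vpc):
    """Return (default_group_attached, additional_groups)."""
    sgs = vpc.get("security_groups", [])
    if isinstance(sgs, dict):  # map form: `deny_default` and `groups`
        return (not sgs.get("deny_default", False), list(sgs.get("groups", [])))
    return (True, list(sgs))  # list form keeps the default group

def review_network(network, subnets=SUBNETS):
    """Summarise effective placement and security-group posture."""
    vpc = network.get("vpc", {})
    default_sg, groups = resolve_security_groups(vpc)
    return {"placement": resolve_placement(vpc, subnets),
            "default_sg_attached": default_sg, "extra_groups": groups}

if __name__ == "__main__":
    manifest = {"vpc": {
        "placement": {"subnets": {"from_tags": {"org": "bi", "type": ["public", "private"]}}},
        "security_groups": {"deny_default": True, "groups": ["sg-0001", "sg-0002"]}}}
    print(review_network(manifest))
```

A service whose summary shows `placement: 'public'` together with `default_sg_attached: True` is relying on both defaults and is worth a second look in review.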