This is a typical networking architecture.

You start by choosing a region. Inside that region you create a VPC that spans at least two AZs.
A VPC is a virtual network dedicated to your AWS account. You can launch AWS resources into a VPC. A VPC closely resembles a traditional on-premises network and has a private address space. You can create subnets in a VPC.
Some services can be placed inside your VPC, for example an EC2 instance or Elastic Load Balancing. Other Amazon-managed services, such as AWS Lambda and Amazon S3 buckets, can also be used, but they are outside the VPC.
The CIDR notation has two components:
The base IP represents an IP contained in the range.
The subnet mask defines how many bits can change in the IP.
In AWS, the largest address range a VPC supports is a /16 block.
When creating a subnet in a VPC, you must choose which AZ to put the subnet in.
Creating an EC2 instance in a subnet will automatically assign it a private IP address within the subnet range. Or you can specify an IP yourself.
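
The CIDR and subnet rules above can be checked before anything is created. The following is an added example, not part of the original notes: it validates an address plan and tests whether a hand-picked private IP is assignable. The sample CIDRs, subnet names and AZ names are constructed; the /28 lower bound and the five reserved addresses per subnet are AWS rules not stated on this page.

```python
import ipaddress

# Constructed sample plan; the CIDRs, subnet names and AZ names are illustrative.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = [
    {"name": "public-a", "cidr": "10.0.0.0/24", "az": "eu-west-1a"},
    {"name": "private-a", "cidr": "10.0.1.0/24", "az": "eu-west-1a"},
    {"name": "private-b", "cidr": "10.0.2.0/24", "az": "eu-west-1b"},
]


def check_plan(vpc_cidr, subnets):
    """Return a list of problems found in a VPC/subnet address plan."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)  # rejects host bits set
    # AWS accepts IPv4 VPC blocks from /16 (largest) down to /28 (smallest).
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC {vpc} is outside the /16../28 size limits")
    nets = [(s["name"], ipaddress.ip_network(s["cidr"])) for s in subnets]
    for name, net in nets:
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is not inside VPC {vpc}")
    # Subnets of one VPC must not overlap each other.
    for i, (name_a, a) in enumerate(nets):
        for name_b, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{name_a} {a} overlaps {name_b} {b}")
    if len({s["az"] for s in subnets}) < 2:
        problems.append("subnets cover fewer than two AZs")
    return problems


def usable_private_ip(subnet_cidr, ip):
    """True if ip can be assigned to an instance in the subnet.

    AWS reserves the first four addresses and the last address of every subnet.
    """
    net = ipaddress.ip_network(subnet_cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        return False
    offset = int(addr) - int(net.network_address)
    return 4 <= offset < net.num_addresses - 1


if __name__ == "__main__":
    print(check_plan(VPC_CIDR, SUBNETS) or "plan OK")
    print(usable_private_ip("10.0.1.0/24", "10.0.1.10"))
```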