
In my experience non-cloud networks run by professionals rarely use compute-side firewalls in general, and VPC is a powerful analogue for this. AWS VPC and security groups expose the entirety of your network configuration in a single location with easy ways to visualize it and manipulate it. They are also a lot easier for someone who is not a network specialist to correctly work with; "only allow network access over port X from machines tagged with security group A" is trivial (using an additional layer atop VPC's lower-level subnet/route table/gateway primitives).

I don't remember the last time I configured a compute-side firewall, whether in a cloud environment, a physical network environment, or in my home (my router does VLANs and allows rules between them).


