amazon-web-services amazon-s3 amazon-ec2 amazon-vpc aws-vpc

S3 buckets are not residing in VPCs?


When we create an EC2 instance, we can specify a specific VPC and a subnet of it. But when we create an S3 bucket, we only have the option to select a specific region. Does this mean that the S3 buckets we create reside in the default VPC of that region? Or am I misinterpreting how S3 buckets work? If so, how do creating an EC2 instance and creating an S3 bucket differ with respect to VPC?


Solution

  • S3, as a PaaS service fully managed by AWS, lives outside of any custom VPC. For security reasons you should make it accessible only from your VPC with VPC Endpoints if the content you are going to store on S3 mustn't be available from the public Internet - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html
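
An added example, not part of the answer above: one way to apply and audit the VPC endpoint restriction is a bucket policy that denies S3 actions unless the request carries the expected `aws:SourceVpce` value. The bucket name, the endpoint ID and the function names are constructed placeholders.

```python
import json

def build_vpce_only_policy(bucket, vpce_id):
    """Bucket policy denying every S3 action not made through vpce_id."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpcEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [bucket_arn, bucket_arn + "/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def pinned_endpoints(policy):
    """Endpoint IDs a blanket Deny pins the bucket to (empty set = not pinned)."""
    pinned = set()
    for stmt in _as_list(policy.get("Statement", [])):
        everyone = stmt.get("Principal") in ("*", {"AWS": "*"})
        all_actions = any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Deny" or not (everyone and all_actions):
            continue
        # Condition key names are case-insensitive in IAM policies.
        for key, value in stmt.get("Condition", {}).get("StringNotEquals", {}).items():
            if key.lower() == "aws:sourcevpce":
                pinned.update(_as_list(value))
    return pinned

# Constructed sample: a bucket policy that is readable from anywhere.
PUBLIC_READ = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
}
# Constructed sample: the same bucket pinned to a placeholder endpoint ID.
PINNED = build_vpce_only_policy("example-bucket", "vpce-0123456789abcdef0")

if __name__ == "__main__":
    print(json.dumps(PINNED, indent=2))
    for name, pol in (("public-read", PUBLIC_READ), ("pinned", PINNED)):
        print(name, "->", sorted(pinned_endpoints(pol)) or "NOT restricted to a VPC endpoint")
```

A blanket Deny like this also blocks AWS console access to the bucket, because console requests do not arrive through the VPC endpoint.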