These are not equivalent tools, even though both are competitors in the domain of cloud computing. Amazon delivers Infrastructure as a Service (IaaS), which is basically a server that you rent by the hour and you can run your .NET app on it. It's just a server, nothing more, nothing less. Microsoft Azure, on the other hand, is Platform as a Service (PaaS), which is a platform where you can deploy your code, without ever needing to touch the underlying operating system. Learn more about IaaS and PaaS differences here: http://blog.labslice.com/2011/02/iaas-and-paas-to-disappear-by-2012.html
You can run your .NET application on either EC2 or Azure, and in most cases this will not involve significant code changes. Your choice of tool should really depend on your business requirements: Do you want to abstract away the platform or be able to tweak it with ease, do you want automatic scalability or scalability that you can control exactly to your needs, do you want access to non-Microsoft tools, etc.?
Also, a VPN is a separate matter altogether. If you're running a public website then a VPN is not required, as you want to give people access to your service. If you're running these sites within the confines of your corporate walls, then you will likely want to look at implementing a VPN.