Because a VPC can't be attached to multiple Service Networks, the most common pattern will be to have a Service Network per VPC. This way people can attach the services they want to their Service Network. If they ever allow multiple Service Networks to be attached to a VPC, THEN you'll start seeing patterns like a Shared Services Service Network, in which a centralized team can build reusable service networks to share with their application teams. Without multiple VPC to Service Network attachments, I would never attach my app VPC to a Service Network that isn't managed by my team, because then I'd be limited to the services of that external Service Network. Let's say I attach my team's Prod VPC to the Shared "Service Network" of the company, right? What happens if I need to consume a service from Team B after that, that isn't considered a "shared company service" but instead a "team to team service". I wouldn't be able to consume this service because my VPC is already married to the Shared Service Network.
How would you expose one of these services to the internet, with HTTPS? is an external ALB coming into place? how would that work? any links on docs on how to do that?