Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3 buckets?

Explanations:

Amazon Macie is specifically designed to discover, classify, and protect sensitive data in AWS services like Amazon S3. It uses machine learning and pattern matching to identify PII and other sensitive data.

Amazon Detective is used for analyzing and investigating security issues and incidents, but it does not focus on discovering sensitive data in S3 buckets.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, not for discovering sensitive data.

AWS IAM Access Analyzer helps identify resources in your AWS account that can be accessed from outside your account, but it does not specifically discover sensitive data in S3.