Which AWS service or feature should the company use to meet this requirement?

Explanations:

AWS WAF (Web Application Firewall) is specifically designed to protect web applications from various threats, including SQL injection attacks, by allowing you to create custom security rules.

Network ACLs (Access Control Lists) are used to control inbound and outbound traffic at the subnet level but do not specifically protect against SQL injection attacks on web applications.

Security groups act as virtual firewalls for EC2 instances and control traffic at the instance level, but they do not provide protection against application layer attacks like SQL injection.

AWS Certificate Manager (ACM) is used for managing SSL/TLS certificates, which helps secure data in transit but does not specifically protect against SQL injection attacks.