Which AWS service or feature will meet this requirement?

Explanations:

Routing tables are used to determine where network traffic is directed, but they do not provide security controls or filtering capabilities for traffic between subnets.

Network access control lists (network ACLs) act as a firewall for controlling traffic in and out of subnets within a VPC. They provide stateless filtering at the subnet level, allowing you to permit or deny traffic based on specified rules.

Security groups function as stateful firewalls associated with EC2 instances, controlling inbound and outbound traffic at the instance level. However, they do not apply to subnets directly, which makes them less suitable for a VPC-wide firewall.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior but does not function as a firewall to control subnet traffic. It provides insights and alerts rather than direct traffic control.