Which AWS service will meet these requirements?

Explanations:

Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior, but it does not provide filtering or control of inbound web traffic.

AWS WAF (Web Application Firewall) allows users to create custom rules to filter and control inbound web traffic based on specific conditions, such as IP addresses, HTTP headers, or specific query strings, making it suitable for this requirement.

Amazon Macie is a security service that uses machine learning to discover, classify, and protect sensitive data in AWS, particularly PII in S3 buckets, but it does not manage or filter web traffic to EC2 instances.

AWS Shield provides protection against DDoS attacks but does not offer the ability to implement custom filtering and control for inbound web traffic like AWS WAF does.