Which solution will meet these requirements?
Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC.
Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering.
Use AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VPC.
Use AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC.
Explanations:
Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior, but it does not provide traffic inspection or filtering capabilities. It focuses on finding security threats rather than actively inspecting or filtering traffic.
Traffic Mirroring allows you to capture and inspect network traffic for specific instances, but it does not perform filtering or inspection by itself. It is typically used in conjunction with a traffic analysis tool rather than as a standalone solution for traffic filtering and inspection.
AWS Network Firewall is a managed firewall service that provides essential traffic inspection and filtering capabilities. It allows users to create rules to control and monitor traffic flowing into and out of their VPC, effectively replicating the functionality of an on-premises inspection server.
AWS Firewall Manager is a management tool for AWS WAF and AWS Shield that helps set up and manage security policies across accounts. While it can help manage rules, it does not provide the same level of traffic inspection and filtering capabilities as AWS Network Firewall.