Identify the AWS service that functions as a subnet-level firewall within a Virtual Private Cloud (VPC).