Which AWS service should be used to implement a stateful firewall for an Amazon RDS instance within a VPC to restrict traffic to a private corporate network?