AWS Certified Cloud Practitioner

Explanation

AWS WAF (Web Application Firewall) is the correct service for this requirement because:

• AWS WAF is specifically designed to protect web applications from common web exploits by allowing you to create custom rules to filter and control incoming web traffic
• It can be deployed on Amazon CloudFront, Application Load Balancer (ALB), or API Gateway to protect web applications running on EC2 instances
• Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, but it doesn't provide custom filtering capabilities
• Amazon Macie is a data security service that uses machine learning to discover and protect sensitive data, not for web traffic filtering
• AWS Shield is a managed DDoS protection service that provides automatic protection against DDoS attacks, but doesn't offer custom rule-based filtering

AWS WAF allows you to create custom rules to block specific IP addresses, SQL injection patterns, cross-site scripting (XSS) attacks, and other web exploits, making it ideal for implementing custom conditions to filter inbound web traffic.