The requirement is to perform content inspection on all network traffic from a fleet of EC2 instances. This necessitates capturing the actual packet data, not just metadata. VPC Traffic Mirroring is the AWS feature designed for this purpose. It copies network traffic from a source (the EC2 instances' network interfaces) and sends it to a target for analysis. A Network Load Balancer (NLB) is a valid and scalable target for a mirror session, allowing traffic to be distributed to a fleet of inspection appliances. This setup directly meets the requirement for centralized content inspection.

A. VPC Flow Logs capture metadata about IP traffic (e.g., source/destination IPs, ports, packet count), not the actual packet content, making them unsuitable for content inspection.

C. Amazon Data Firehose is not a valid target for a VPC Traffic Mirroring session. The supported targets are a network interface or a Network Load Balancer.

D. This option also relies on VPC Flow Logs, which, as stated for option A, do not contain the packet payload required for content inspection.

1. AWS Documentation, VPC User Guide, "Traffic mirroring": "Traffic mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of an Amazon EC2 instance. You can then send the traffic to out-of-band security and monitoring appliances for deep packet inspection, content inspection, threat monitoring, and troubleshooting."

2. AWS Documentation, VPC User Guide, "Traffic mirroring targets": This section explicitly lists the valid targets for mirrored traffic. It states, "You can send the mirrored traffic to the following targets: A network interface [or] A Network Load Balancer that has a UDP listener." This confirms that an NLB is a supported target.

3. AWS Documentation, VPC User Guide, "VPC Flow Logs": "Flow logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC... Flow log data does not capture the contents of the traffic." This confirms that flow logs are insufficient for content inspection.