Which feature of AWS allows users to monitor and log activity in AWS accounts?

AWS CloudTrail is a service that enables users to monitor and log activity within their AWS accounts by recording API calls and related events. It provides event history of AWS account activity, which includes actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This logging capability is essential for auditing purposes as it allows users to track who made changes to resources, when those changes were made, and what specific changes occurred.

With CloudTrail, users can gain insights into their AWS usage patterns, detect potential security risks, and ensure compliance with internal policies or external regulations. Furthermore, the logs generated by CloudTrail can be integrated with other AWS services, such as Amazon S3 for storage or Amazon CloudWatch for monitoring, which enhances the overall visibility and management of resources.

While other services like AWS Config monitor the configuration of resources and CloudWatch tracks metrics and logs for operational health, CloudTrail is specifically designed for logging API activity which is critical for security and compliance auditing. Therefore, the ability of AWS CloudTrail to log and monitor activity in AWS accounts makes it the correct choice for this question.