A company wants to migrate their on-premises applications to AWS but is concerned about losing visibility into their infrastructure. Which AWS service provides a centralized inventory of all AWS resources and tracks configuration changes over time?
Config maintains a complete inventory of AWS resources with full configuration history, enabling compliance evaluation, change tracking, and resource relationship mapping.
Why this answer
AWS Config is the correct service because it provides a centralized inventory of all AWS resources and continuously tracks configuration changes over time. It enables you to assess, audit, and evaluate the configurations of your AWS resources against desired policies, giving you full visibility into infrastructure state and history.
Exam trap
The trap here is that candidates often confuse AWS Config with AWS CloudTrail, mistakenly thinking CloudTrail's API logging provides configuration tracking, but CloudTrail only records who made the call, not the resulting configuration state or history.
How to eliminate wrong answers
Option A is wrong because AWS CloudTrail records API activity and user actions for auditing, but it does not provide a resource inventory or track configuration state changes over time. Option C is wrong because Amazon CloudWatch monitors performance metrics, logs, and alarms, but it is not designed to inventory resources or track configuration history. Option D is wrong because AWS Systems Manager Inventory collects software inventory and patch data from managed instances, but it does not provide a centralized inventory of all AWS resources or track configuration changes across the entire AWS environment.