Which AWS service is primarily used for centralized logging and audit trails?

AWS CloudTrail is primarily used for centralized logging and audit trails, making it the correct choice for this question. CloudTrail automatically records and logs API calls made within an AWS account, providing detailed information about the actions taken by users, roles, and services. This capability is crucial for monitoring and auditing usage across the AWS environment, as it enables organizations to track changes, investigate security incidents, and maintain compliance with regulatory requirements.

CloudTrail organizes logs into easily searchable event history, which users can analyze to understand who did what and when. It also allows for the automation of log management tasks by integrating with other AWS services, such as Amazon S3 for storage and Amazon Athena for querying.

While other services mentioned have their specific functionalities, they do not serve the primary purpose of centralized logging and audit trails in the same way that CloudTrail does. For instance, AWS Config is focused on resource configuration and compliance rather than logging actions. AWS CloudWatch is primarily used for monitoring and observability, providing insights into application performance and operational health. AWS Security Hub aggregates security alerts and findings but does not specialize in logging the full history of API calls made across the AWS environment.