Which AWS service should the company use?

Explanations:

AWS Config is designed to assess, audit, and evaluate the configurations of AWS resources. It allows for tracking changes in configurations over time and provides detailed compliance information, making it suitable for recording and evaluating configuration changes and performing remediation actions.

AWS Secrets Manager is used for managing sensitive information such as passwords and API keys, allowing for secure storage and rotation of these secrets. It does not focus on configuration change management or compliance evaluation.

AWS CloudTrail records AWS API calls and activity for account auditing and monitoring but does not evaluate or enforce compliance on resource configurations. It provides logs for tracking but lacks the capability to assess configuration changes or perform remediation actions.

AWS Trusted Advisor offers best practices and recommendations to optimize AWS resources but does not track configuration changes or provide compliance evaluations. It is more focused on cost optimization, performance, security, and fault tolerance rather than compliance management.