Which service can monitor the compliance of your AWS Organizations?

AWS Config is the service that continuously records how your AWS resources are configured and checks those configurations against defined rules. In an AWS Organization, you can enable Config in each member account and use a Config Aggregator in the management account to get a consolidated view of compliance across all accounts. You can define Config Rules to specify what compliant configurations look like, and Conformance Packs to apply a standard set of rules across the organization. This makes it possible to detect noncompliant resources, track changes over time, and even trigger remediations. The other options don’t provide this cross-account, rule-driven configuration compliance monitoring: License Manager focuses on licenses, the Management Console is a UI, and Control Tower offers guardrails and governance but not the direct, centralized configuration-compliance evaluation across an entire Organization.