Which statement best describes the role of AWS Config rules in multi-account governance?

AWS Config rules continuously evaluate resource configurations against defined desired states. They scan resources, compare their current configurations to the rules you set, and report whether each resource is compliant or noncompliant. This ongoing evaluation is what enables governance across many accounts and regions, especially when you use features like AWS Organizations and Config Aggregator to centralize and monitor compliance in a multi-account environment. The rules don’t create resources or change infrastructure automatically, and they aren’t used for collecting general operational metrics. They also don’t replace CloudTrail, since CloudTrail logs API activity while AWS Config tracks configuration state and changes over time.