AWS CloudTrail is the correct service for reviewing user activity through API calls. It provides event history of AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This enables security analysis, resource change tracking, and compliance auditing.

Key features of AWS CloudTrail:

• Logs API calls and user activity across AWS services
• Provides visibility into user and resource activity
• Helps with security analysis and troubleshooting
• Supports compliance auditing

Other options explained:

• AWS WAF: Web Application Firewall that protects web applications from common web exploits
• Amazon Detective: Security service that analyzes, investigates, and identifies the root cause of security issues
• Amazon CloudWatch: Monitoring and observability service for AWS resources and applications