AWS Certified Cloud Practitioner

Explanation

AWS CloudTrail is the correct service for tracking user access to the AWS Management Console because:

• AWS CloudTrail is an AWS service that enables governance, compliance, operational auditing, and risk auditing of your AWS account
• It logs all API calls and console sign-in events, including who made the request, when it was made, and what actions were performed
• Specifically, CloudTrail captures console sign-in events that show when users access the AWS Management Console
• The event logs include timestamps, user identity, and the source IP address

Why the other options are incorrect:

• Amazon Cognito: This is a service for user identity and access management for web and mobile applications, not for tracking AWS console access
• Amazon Inspector: This is an automated security assessment service that helps improve security and compliance of applications deployed on AWS
• Amazon GuardDuty: This is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, but it doesn't specifically track console login timestamps

CloudTrail is specifically designed to provide an audit trail of AWS account activity, including console access events.