AWS Certified Cloud Practitioner

AWS Config is the correct service for evaluating resource compliance against organizational standards and automatically remediating issues. Here's why:

AWS Config:

• Continuously monitors and records AWS resource configurations
• Allows you to define compliance rules (Config Rules) that check if resources comply with your organizational standards
• Provides automatic remediation capabilities through AWS Config Remediation Actions
• Helps with compliance auditing, security analysis, and change management

Why other options are incorrect:

• AWS CloudWatch: Primarily for monitoring and observability (metrics, logs, alarms)
• AWS Systems Manager: For operational management and automation, but not specifically designed for compliance evaluation against standards
• AWS Shield: AWS's DDoS protection service, not related to compliance evaluation

AWS Config's key features include:

1. Configuration History: Track changes to AWS resources over time
2. Config Rules: Define rules to evaluate resource compliance
3. Compliance Dashboard: View compliance status across resources
4. Remediation Actions: Automatically fix non-compliant resources
5. Integration: Works with AWS Security Hub and other security services