AWS Certified Cloud Practitioner

AWS CloudTrail is the correct answer because it is specifically designed to monitor and log API calls made to AWS services, including Amazon Bedrock. CloudTrail records all API requests, including who made the request, the services used, and any potential unauthorized access attempts. This information can then be used to identify unauthorized users and to adjust IAM policies and roles accordingly.

AWS Audit Manager is incorrect because it is used to automate evidence collection for audits and compliance, but it is not specifically designed for tracking API calls or identifying unauthorized access attempts.

Amazon Fraud Detector is incorrect because it is designed to identify fraudulent activities and transactions, not to monitor API access or unauthorized usage of AWS services.

AWS Trusted Advisor is incorrect because it provides best practice recommendations to optimize AWS resources, improve security, and reduce costs, but it does not provide detailed logs of API access or unauthorized usage attempts.