AWS Key Management Service (KMS) now provides visibility into the last cryptographic operation performed with your KMS keys, eliminating the need to manually query and analyze logs. This feature helps security administrators and compliance teams quickly determine when their KMS keys were last used for cryptographic operations. You can view the timestamp, the type of operation performed, and the associated AWS CloudTrail event ID from the AWS KMS management console, or via API.
You can use this feature to help identify unused keys for cleanup, verify that keys are actively used, and track down how your keys are used in AWS CloudTrail. In addition, you can use the new condition key (kms:TrailingDaysWithoutKeyUsage) that enables policy-based protection against accidental deletion of recently used keys.
The feature is available in all AWS Regions where AWS KMS is available, including all commercial AWS Regions, AWS GovCloud (US) Regions, and AWS China Regions. For more information, see Determine past usage of a KMS key in the AWS KMS Developer Guide.
Categories: marketing:marchitecture/security-identity-and-compliance,general:products/aws-govcloud-us,
general:products/aws-cryptography
,general:products/aws-kmsSource: Amazon Web Services
Latest Posts
- Durable Objects, Workers – New `us` jurisdiction for Durable Objects
- (Updated) Upcoming change: disabling Teams meeting recording expiration notification emails [MC1245635]
- (Updated) Extending AI in SharePoint using custom skills [MC1269209]
- Microsoft OneNote: Multimodal recording in Copilot Notebooks on Windows [MC1405506]
![Power Platform – PayGo not required with Self-Service Disaster Recovery (SSDR) [MC1293709]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-pixabay-2363-150x150.webp "Power Platform - PayGo not required with Self-Service Disaster Recovery (SSDR) [MC1293709] 7")