AWS Key Management Service (KMS) now provides visibility into the last cryptographic operation performed with your KMS keys, eliminating the need to manually query and analyze logs. This feature helps security administrators and compliance teams quickly determine when their KMS keys were last used for cryptographic operations. You can view the timestamp, the type of operation performed, and the associated AWS CloudTrail event ID from the AWS KMS management console, or via API.
You can use this feature to help identify unused keys for cleanup, verify that keys are actively used, and track down how your keys are used in AWS CloudTrail. In addition, you can use the new condition key (kms:TrailingDaysWithoutKeyUsage) that enables policy-based protection against accidental deletion of recently used keys.
The feature is available in all AWS Regions where AWS KMS is available, including all commercial AWS Regions, AWS GovCloud (US) Regions, and AWS China Regions. For more information, see Determine past usage of a KMS key in the AWS KMS Developer Guide.
Categories: marketing:marchitecture/security-identity-and-compliance,general:products/aws-govcloud-us,
general:products/aws-cryptography
,general:products/aws-kmsSource: Amazon Web Services
Latest Posts
- Amazon EVS enables support for 32 hosts per environment
- (Updated) Planner is now available in Outlook and Microsoft 365 Copilot [MC1309747]
- AWS SAM CLI adds AWS CloudFormation Language Extensions support to accelerate local serverless development
- (Updated) Outlook: Improved handling of disallowed and failed email reactions [MC1261593]
![Power Platform – PayGo not required with Self-Service Disaster Recovery (SSDR) [MC1293709]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-pixabay-2363-150x150.webp "Power Platform - PayGo not required with Self-Service Disaster Recovery (SSDR) [MC1293709] 7")