AWS kms documentation change
Summary
Added 'Last used' tracking documentation and updated screenshot
Security assessment
Documents new security monitoring capability showing last cryptographic operation timestamp, which aids security audits. This is a security feature enhancement but doesn't address a specific vulnerability.
Diff
diff --git a/kms/latest/developerguide/finding-keys.md b/kms/latest/developerguide/finding-keys.md index 68299cf64..e3a8b8e7b 100644 --- a//kms/latest/developerguide/finding-keys.md +++ b//kms/latest/developerguide/finding-keys.md @@ -38 +38 @@ If the KMS key has multiple aliases, an alias summary (**+_n_ more**) appears be - + @@ -154,0 +155,9 @@ The cryptographic operations that are enabled on the [external key](./keystore-e +**Last used** + + +Where: General configuration section + +The last time the KMS key was used in a cryptographic operation, displayed as a relative value such as _5 days ago_. This value only covers usage since AWS KMS started tracking usage for this key. Hover over the value to view the exact timestamp, the date when AWS KMS started tracking usage, the AWS KMS operation that was performed, and a link to the associated AWS CloudTrail event. + +This field tracks only [cryptographic operations](./kms-cryptography.html#cryptographic-operations). Non-cryptographic operations such as [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) or [GetKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyPolicy.html) are not tracked. +