AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2026-04-28 · Documentation medium

File: kms/latest/developerguide/finding-keys.md

Summary

Added 'Last used' tracking documentation and updated screenshot

Security assessment

Documents new security monitoring capability showing last cryptographic operation timestamp, which aids security audits. This is a security feature enhancement but doesn't address a specific vulnerability.

Diff

diff --git a/kms/latest/developerguide/finding-keys.md b/kms/latest/developerguide/finding-keys.md
index 68299cf64..e3a8b8e7b 100644
--- a//kms/latest/developerguide/finding-keys.md
+++ b//kms/latest/developerguide/finding-keys.md
@@ -38 +38 @@ If the KMS key has multiple aliases, an alias summary (**+_n_ more**) appears be
-![AWS KMScustomer managed key details showing general and cryptographic configurations.](/images/kms/latest/developerguide/images/console-key-detail-view-symmetric-sm.png)
+![](/images/kms/latest/developerguide/images/console-key-detail-view-symmetric-sym.png)
@@ -154,0 +155,9 @@ The cryptographic operations that are enabled on the [external key](./keystore-e
+**Last used**
+    
+
+Where: General configuration section
+
+The last time the KMS key was used in a cryptographic operation, displayed as a relative value such as _5 days ago_. This value only covers usage since AWS KMS started tracking usage for this key. Hover over the value to view the exact timestamp, the date when AWS KMS started tracking usage, the AWS KMS operation that was performed, and a link to the associated AWS CloudTrail event.
+
+This field tracks only [cryptographic operations](./kms-cryptography.html#cryptographic-operations). Non-cryptographic operations such as [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) or [GetKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyPolicy.html) are not tracked.
+