AWS Key Management Service
(kms)
IAM Changes
Services
2026-04-28
2026-04-28
1 new action, 1 new condition | 2 updated actions
Additions
Actions
GetKeyLastUsage
Description:
Controls permission to view the last usage of an AWS KMS key
Access:
Read
Resources:
Name: key
Required: Yes
Conditions:
kms:CallerAccount
kms:ViaService
Conditions
kms:TrailingDaysWithoutKeyUsage
Description:
Filters access to the ScheduleKeyDeletion and DisableKey operations based on the number of days since the AWS KMS key was last used
Type:
Numeric
Updates
Actions
DisableKey
Conditions
+ kms:TrailingDaysWithoutKeyUsage
Sign
Conditions
+ kms:TrailingDaysWithoutKeyUsage