
AWS KMS now tracks last usage of all KMS keys



[AWS Key Management Service (KMS)](https://aws.amazon.com/kms/) now records the last cryptographic operation performed with each KMS key, so you no longer have to query and analyze CloudTrail logs by hand to answer "when was this key last used?". Security administrators and compliance teams can read the timestamp of the last use, the type of operation performed, and the associated AWS CloudTrail event ID from the AWS KMS management console or via the API, and use that event ID to pivot to the full event in AWS CloudTrail. This helps you identify unused keys for cleanup and verify that keys you expect to be in use actually are. Note that KMS records only the most recent operation; a full history of key usage still comes from CloudTrail.

In addition, a [new condition key](https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html), kms:TrailingDaysWithoutKeyUsage, lets a key policy or IAM policy deny kms:ScheduleKeyDeletion for keys that have been used within a chosen number of days, giving policy-based protection against accidental deletion of recently used keys.

The feature is available in all AWS Regions where AWS KMS is available, including all commercial AWS Regions, AWS GovCloud (US) Regions, and AWS China Regions. For more information, see [Determine past usage of a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/monitoring-keys-determining-usage.html) in the AWS KMS Developer Guide.
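The following is an added example, not code from the announcement or from AWS. It embeds a key policy statement of the kind the announcement describes, a Deny on kms:ScheduleKeyDeletion conditioned on kms:TrailingDaysWithoutKeyUsage, and then models locally how such a statement is evaluated and how the same last-used data drives an unused-key triage pass. The operator (NumericLessThan), the 90-day threshold, the key records and their field names are this example's own choices; in particular it assumes that a never-used key has no value for the condition key, which under standard IAM semantics means the Deny does not match. Confirm both points against the linked developer guide before relying on them.

```python
"""Local model of a kms:TrailingDaysWithoutKeyUsage deletion guard plus an
unused-key triage pass.  Added example: the key records below are constructed
and their field names are not the shape of any KMS API response."""
from datetime import datetime, timedelta, timezone
from typing import Optional

# Key policy statement: deny ScheduleKeyDeletion while the key has been used
# within the last THRESHOLD_DAYS days.  The operator and threshold are this
# example's choices, not values given in the announcement.
THRESHOLD_DAYS = 90
DENY_RECENT_DELETION = {
    "Sid": "DenyDeletionOfRecentlyUsedKeys",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "kms:ScheduleKeyDeletion",
    "Resource": "*",
    "Condition": {
        "NumericLessThan": {"kms:TrailingDaysWithoutKeyUsage": str(THRESHOLD_DAYS)}
    },
}


def trailing_days_without_usage(last_used: Optional[datetime], now: datetime) -> Optional[int]:
    """Whole days since the last cryptographic operation, or None when the key
    has never been used (assumption: the condition key is then absent)."""
    if last_used is None:
        return None
    delta = now - last_used
    if delta < timedelta(0):
        raise ValueError("last_used lies in the future")
    return delta.days  # whole days: 89 days 23 hours still counts as 89


def deny_applies(statement: dict, last_used: Optional[datetime], now: datetime) -> bool:
    """Evaluate the Deny statement the way IAM evaluates conditions: every
    condition must match, and a condition whose key is absent from the request
    context does not match (no ...IfExists suffix is used here)."""
    context = {}
    days = trailing_days_without_usage(last_used, now)
    if days is not None:
        context["kms:TrailingDaysWithoutKeyUsage"] = days
    for operator, pairs in statement["Condition"].items():
        for cond_key, bound in pairs.items():
            if cond_key not in context:
                return False
            if operator == "NumericLessThan":
                if not context[cond_key] < int(bound):
                    return False
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
    return statement["Effect"] == "Deny"


def schedule_key_deletion_allowed(last_used: Optional[datetime], now: datetime) -> bool:
    """True when the guard statement does not block kms:ScheduleKeyDeletion."""
    return not deny_applies(DENY_RECENT_DELETION, last_used, now)


def unused_key_candidates(keys: list, now: datetime, idle_days: int = THRESHOLD_DAYS) -> list:
    """Key ids that are candidates for cleanup: never used, or idle for at
    least idle_days.  This is the triage the last-used timestamp enables."""
    candidates = []
    for key in keys:
        days = trailing_days_without_usage(key["last_used"], now)
        if days is None or days >= idle_days:
            candidates.append(key["key_id"])
    return candidates


NOW = datetime(2025, 12, 1, tzinfo=timezone.utc)

# Constructed key records (not KMS API output): id, last-use time, last operation.
KEYS = [
    {"key_id": "key-a", "last_used": NOW - timedelta(days=3), "last_op": "Decrypt"},
    {"key_id": "key-b", "last_used": NOW - timedelta(days=120), "last_op": "GenerateDataKey"},
    {"key_id": "key-c", "last_used": None, "last_op": None},
    {"key_id": "key-d", "last_used": NOW - timedelta(days=89, hours=23), "last_op": "Sign"},
]

if __name__ == "__main__":
    for key in KEYS:
        days = trailing_days_without_usage(key["last_used"], NOW)
        verdict = "allowed" if schedule_key_deletion_allowed(key["last_used"], NOW) else "DENIED"
        print(f"{key['key_id']}: last op {key['last_op']}, idle {days} days, deletion {verdict}")
    print("cleanup candidates:", unused_key_candidates(KEYS, NOW))
```

The boundary case key-d shows why the threshold should be chosen with whole-day granularity in mind: 89 days and 23 hours of idleness still evaluates as 89, so deletion stays denied until the full 90th day has elapsed. key-c shows the other caveat: with no recorded usage the condition key is absent and the Deny does not fire, which is the behaviour you want for genuinely unused keys but which you should verify against the developer guide rather than assume.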