2026/05/20 - 3 updated api methods
Changes AWS KMS now supports creating grants for AWS service principals using new GranteeServicePrincipal and RetiringServicePrincipal parameters. This release adds SourceArn grant constraint and three condition keys for controlling CreateGrant access. For more information, see Grants in AWS KMS.
2026/04/27 - 1 new api methods
Changes KMS GetKeyLastUsage API provides information on the last successful cryptographic operation performed on KMS keys. This new API provides KMS customers with the last timestamp, CloudTrail eventId, and the cryptographic operation that was performed on the key.
2026/02/16 - 2 updated api methods
Changes Added support for Decrypt and ReEncrypt API's to use dry run feature without ciphertext for authorization validation
2025/11/21 - 1 updated api methods
Changes Support for on-demand rotation of AWS KMS Multi-Region keys with imported key material
2025/11/07 - 8 updated api methods
Changes Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec
2025/10/30 - 3 updated api methods
Changes Add cross account VPC endpoint service connectivity support to CustomKeyStore.
2025/06/12 - 6 updated api methods
Changes AWS KMS announces the support of ML-DSA key pairs that creates post-quantum safe digital signatures.
2025/06/05 - 13 updated api methods
Changes AWS KMS announces the support for on-demand rotation of symmetric-encryption KMS keys with imported key material (EXTERNAL origin).
2024/06/13 - 1 new 7 updated api methods
Changes This feature allows customers to use their keys stored in KMS to derive a shared secret which can then be used to establish a secured channel for communication, provide proof of possession, or establish trust with other parties.