@aws-sdk/client-kms 3.1037.0 → 3.1039.0

package/README.md

@@ -453,6 +453,13 @@ GenerateRandom
 </details>
 <details>
 <summary>
+GetKeyLastUsage
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/kms/command/GetKeyLastUsageCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/GetKeyLastUsageCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/GetKeyLastUsageCommandOutput/)
+</details>
+<details>
+<summary>
 GetKeyPolicy
 </summary>
 

package/dist-cjs/index.js

@@ -413,6 +413,18 @@ class GenerateRandomCommand extends smithyClient.Command
     .build() {
 }
 
+class GetKeyLastUsageCommand extends smithyClient.Command
+    .classBuilder()
+    .ep(commonParams)
+    .m(function (Command, cs, config, o) {
+    return [middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
+})
+    .s("TrentService", "GetKeyLastUsage", {})
+    .n("KMSClient", "GetKeyLastUsageCommand")
+    .sc(schemas_0.GetKeyLastUsage$)
+    .build() {
+}
+
 class GetKeyPolicyCommand extends smithyClient.Command
     .classBuilder()
     .ep(commonParams)
@@ -791,6 +803,7 @@ const commands = {
     GenerateDataKeyWithoutPlaintextCommand,
     GenerateMacCommand,
     GenerateRandomCommand,
+    GetKeyLastUsageCommand,
     GetKeyPolicyCommand,
     GetKeyRotationStatusCommand,
     GetParametersForImportCommand,
@@ -1015,6 +1028,20 @@ const DryRunModifierType = {
 const KeyEncryptionMechanism = {
     RSAES_OAEP_SHA_256: "RSAES_OAEP_SHA_256",
 };
+const KeyLastUsageTrackingOperation = {
+    Decrypt: "Decrypt",
+    DeriveSharedSecret: "DeriveSharedSecret",
+    Encrypt: "Encrypt",
+    GenerateDataKey: "GenerateDataKey",
+    GenerateDataKeyPair: "GenerateDataKeyPair",
+    GenerateDataKeyPairWithoutPlaintext: "GenerateDataKeyPairWithoutPlaintext",
+    GenerateDataKeyWithoutPlaintext: "GenerateDataKeyWithoutPlaintext",
+    GenerateMac: "GenerateMac",
+    ReEncrypt: "ReEncrypt",
+    Sign: "Sign",
+    Verify: "Verify",
+    VerifyMac: "VerifyMac",
+};
 const WrappingKeySpec = {
     RSA_2048: "RSA_2048",
     RSA_3072: "RSA_3072",
@@ -1087,6 +1114,7 @@ exports.GenerateDataKeyPairWithoutPlaintextCommand = GenerateDataKeyPairWithoutP
 exports.GenerateDataKeyWithoutPlaintextCommand = GenerateDataKeyWithoutPlaintextCommand;
 exports.GenerateMacCommand = GenerateMacCommand;
 exports.GenerateRandomCommand = GenerateRandomCommand;
+exports.GetKeyLastUsageCommand = GetKeyLastUsageCommand;
 exports.GetKeyPolicyCommand = GetKeyPolicyCommand;
 exports.GetKeyRotationStatusCommand = GetKeyRotationStatusCommand;
 exports.GetParametersForImportCommand = GetParametersForImportCommand;
@@ -1100,6 +1128,7 @@ exports.KMS = KMS;
 exports.KMSClient = KMSClient;
 exports.KeyAgreementAlgorithmSpec = KeyAgreementAlgorithmSpec;
 exports.KeyEncryptionMechanism = KeyEncryptionMechanism;
+exports.KeyLastUsageTrackingOperation = KeyLastUsageTrackingOperation;
 exports.KeyManagerType = KeyManagerType;
 exports.KeyMaterialState = KeyMaterialState;
 exports.KeySpec = KeySpec;

package/dist-cjs/schemas/schemas_0.js

@@ -1,10 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.errorTypeRegistries = exports.XksProxyVpcEndpointServiceNotFoundException$ = exports.XksProxyVpcEndpointServiceInvalidConfigurationException$ = exports.XksProxyVpcEndpointServiceInUseException$ = exports.XksProxyUriUnreachableException$ = exports.XksProxyUriInUseException$ = exports.XksProxyUriEndpointInUseException$ = exports.XksProxyInvalidResponseException$ = exports.XksProxyInvalidConfigurationException$ = exports.XksProxyIncorrectAuthenticationCredentialException$ = exports.XksKeyNotFoundException$ = exports.XksKeyInvalidConfigurationException$ = exports.XksKeyAlreadyInUseException$ = exports.UnsupportedOperationException$ = exports.TagException$ = exports.NotFoundException$ = exports.MalformedPolicyDocumentException$ = exports.LimitExceededException$ = exports.KMSInvalidStateException$ = exports.KMSInvalidSignatureException$ = exports.KMSInvalidMacException$ = exports.KMSInternalException$ = exports.KeyUnavailableException$ = exports.InvalidMarkerException$ = exports.InvalidKeyUsageException$ = exports.InvalidImportTokenException$ = exports.InvalidGrantTokenException$ = exports.InvalidGrantIdException$ = exports.InvalidCiphertextException$ = exports.InvalidArnException$ = exports.InvalidAliasNameException$ = exports.IncorrectTrustAnchorException$ = exports.IncorrectKeyMaterialException$ = exports.IncorrectKeyException$ = exports.ExpiredImportTokenException$ = exports.DryRunOperationException$ = exports.DisabledException$ = exports.DependencyTimeoutException$ = exports.CustomKeyStoreNotFoundException$ = exports.CustomKeyStoreNameInUseException$ = exports.CustomKeyStoreInvalidStateException$ = exports.CustomKeyStoreHasCMKsException$ = exports.ConflictException$ = exports.CloudHsmClusterNotRelatedException$ = exports.CloudHsmClusterNotFoundException$ = exports.CloudHsmClusterNotActiveException$ = exports.CloudHsmClusterInvalidConfigurationException$ = exports.CloudHsmClusterInUseException$ = exports.AlreadyExistsException$ = exports.KMSServiceException$ = void 0;
-exports.GetKeyRotationStatusResponse$ = exports.GetKeyRotationStatusRequest$ = exports.GetKeyPolicyResponse$ = exports.GetKeyPolicyRequest$ = exports.GenerateRandomResponse$ = exports.GenerateRandomRequest$ = exports.GenerateMacResponse$ = exports.GenerateMacRequest$ = exports.GenerateDataKeyWithoutPlaintextResponse$ = exports.GenerateDataKeyWithoutPlaintextRequest$ = exports.GenerateDataKeyResponse$ = exports.GenerateDataKeyRequest$ = exports.GenerateDataKeyPairWithoutPlaintextResponse$ = exports.GenerateDataKeyPairWithoutPlaintextRequest$ = exports.GenerateDataKeyPairResponse$ = exports.GenerateDataKeyPairRequest$ = exports.EncryptResponse$ = exports.EncryptRequest$ = exports.EnableKeyRotationRequest$ = exports.EnableKeyRequest$ = exports.DisconnectCustomKeyStoreResponse$ = exports.DisconnectCustomKeyStoreRequest$ = exports.DisableKeyRotationRequest$ = exports.DisableKeyRequest$ = exports.DescribeKeyResponse$ = exports.DescribeKeyRequest$ = exports.DescribeCustomKeyStoresResponse$ = exports.DescribeCustomKeyStoresRequest$ = exports.DeriveSharedSecretResponse$ = exports.DeriveSharedSecretRequest$ = exports.DeleteImportedKeyMaterialResponse$ = exports.DeleteImportedKeyMaterialRequest$ = exports.DeleteCustomKeyStoreResponse$ = exports.DeleteCustomKeyStoreRequest$ = exports.DeleteAliasRequest$ = exports.DecryptResponse$ = exports.DecryptRequest$ = exports.CustomKeyStoresListEntry$ = exports.CreateKeyResponse$ = exports.CreateKeyRequest$ = exports.CreateGrantResponse$ = exports.CreateGrantRequest$ = exports.CreateCustomKeyStoreResponse$ = exports.CreateCustomKeyStoreRequest$ = exports.CreateAliasRequest$ = exports.ConnectCustomKeyStoreResponse$ = exports.ConnectCustomKeyStoreRequest$ = exports.CancelKeyDeletionResponse$ = exports.CancelKeyDeletionRequest$ = exports.AliasListEntry$ = void 0;
-exports.VerifyMacResponse$ = exports.VerifyMacRequest$ = exports.UpdatePrimaryRegionRequest$ = exports.UpdateKeyDescriptionRequest$ = exports.UpdateCustomKeyStoreResponse$ = exports.UpdateCustomKeyStoreRequest$ = exports.UpdateAliasRequest$ = exports.UntagResourceRequest$ = exports.TagResourceRequest$ = exports.Tag$ = exports.SignResponse$ = exports.SignRequest$ = exports.ScheduleKeyDeletionResponse$ = exports.ScheduleKeyDeletionRequest$ = exports.RotationsListEntry$ = exports.RotateKeyOnDemandResponse$ = exports.RotateKeyOnDemandRequest$ = exports.RevokeGrantRequest$ = exports.RetireGrantRequest$ = exports.ReplicateKeyResponse$ = exports.ReplicateKeyRequest$ = exports.ReEncryptResponse$ = exports.ReEncryptRequest$ = exports.RecipientInfo$ = exports.PutKeyPolicyRequest$ = exports.MultiRegionKey$ = exports.MultiRegionConfiguration$ = exports.ListRetirableGrantsRequest$ = exports.ListResourceTagsResponse$ = exports.ListResourceTagsRequest$ = exports.ListKeysResponse$ = exports.ListKeysRequest$ = exports.ListKeyRotationsResponse$ = exports.ListKeyRotationsRequest$ = exports.ListKeyPoliciesResponse$ = exports.ListKeyPoliciesRequest$ = exports.ListGrantsResponse$ = exports.ListGrantsRequest$ = exports.ListAliasesResponse$ = exports.ListAliasesRequest$ = exports.KeyMetadata$ = exports.KeyListEntry$ = exports.ImportKeyMaterialResponse$ = exports.ImportKeyMaterialRequest$ = exports.GrantListEntry$ = exports.GrantConstraints$ = exports.GetPublicKeyResponse$ = exports.GetPublicKeyRequest$ = exports.GetParametersForImportResponse$ = exports.GetParametersForImportRequest$ = void 0;
-exports.Sign$ = exports.ScheduleKeyDeletion$ = exports.RotateKeyOnDemand$ = exports.RevokeGrant$ = exports.RetireGrant$ = exports.ReplicateKey$ = exports.ReEncrypt$ = exports.PutKeyPolicy$ = exports.ListRetirableGrants$ = exports.ListResourceTags$ = exports.ListKeys$ = exports.ListKeyRotations$ = exports.ListKeyPolicies$ = exports.ListGrants$ = exports.ListAliases$ = exports.ImportKeyMaterial$ = exports.GetPublicKey$ = exports.GetParametersForImport$ = exports.GetKeyRotationStatus$ = exports.GetKeyPolicy$ = exports.GenerateRandom$ = exports.GenerateMac$ = exports.GenerateDataKeyWithoutPlaintext$ = exports.GenerateDataKeyPairWithoutPlaintext$ = exports.GenerateDataKeyPair$ = exports.GenerateDataKey$ = exports.Encrypt$ = exports.EnableKeyRotation$ = exports.EnableKey$ = exports.DisconnectCustomKeyStore$ = exports.DisableKeyRotation$ = exports.DisableKey$ = exports.DescribeKey$ = exports.DescribeCustomKeyStores$ = exports.DeriveSharedSecret$ = exports.DeleteImportedKeyMaterial$ = exports.DeleteCustomKeyStore$ = exports.DeleteAlias$ = exports.Decrypt$ = exports.CreateKey$ = exports.CreateGrant$ = exports.CreateCustomKeyStore$ = exports.CreateAlias$ = exports.ConnectCustomKeyStore$ = exports.CancelKeyDeletion$ = exports.XksProxyConfigurationType$ = exports.XksProxyAuthenticationCredentialType$ = exports.XksKeyConfigurationType$ = exports.VerifyResponse$ = exports.VerifyRequest$ = void 0;
-exports.VerifyMac$ = exports.Verify$ = exports.UpdatePrimaryRegion$ = exports.UpdateKeyDescription$ = exports.UpdateCustomKeyStore$ = exports.UpdateAlias$ = exports.UntagResource$ = exports.TagResource$ = void 0;
+exports.GetKeyPolicyResponse$ = exports.GetKeyPolicyRequest$ = exports.GetKeyLastUsageResponse$ = exports.GetKeyLastUsageRequest$ = exports.GenerateRandomResponse$ = exports.GenerateRandomRequest$ = exports.GenerateMacResponse$ = exports.GenerateMacRequest$ = exports.GenerateDataKeyWithoutPlaintextResponse$ = exports.GenerateDataKeyWithoutPlaintextRequest$ = exports.GenerateDataKeyResponse$ = exports.GenerateDataKeyRequest$ = exports.GenerateDataKeyPairWithoutPlaintextResponse$ = exports.GenerateDataKeyPairWithoutPlaintextRequest$ = exports.GenerateDataKeyPairResponse$ = exports.GenerateDataKeyPairRequest$ = exports.EncryptResponse$ = exports.EncryptRequest$ = exports.EnableKeyRotationRequest$ = exports.EnableKeyRequest$ = exports.DisconnectCustomKeyStoreResponse$ = exports.DisconnectCustomKeyStoreRequest$ = exports.DisableKeyRotationRequest$ = exports.DisableKeyRequest$ = exports.DescribeKeyResponse$ = exports.DescribeKeyRequest$ = exports.DescribeCustomKeyStoresResponse$ = exports.DescribeCustomKeyStoresRequest$ = exports.DeriveSharedSecretResponse$ = exports.DeriveSharedSecretRequest$ = exports.DeleteImportedKeyMaterialResponse$ = exports.DeleteImportedKeyMaterialRequest$ = exports.DeleteCustomKeyStoreResponse$ = exports.DeleteCustomKeyStoreRequest$ = exports.DeleteAliasRequest$ = exports.DecryptResponse$ = exports.DecryptRequest$ = exports.CustomKeyStoresListEntry$ = exports.CreateKeyResponse$ = exports.CreateKeyRequest$ = exports.CreateGrantResponse$ = exports.CreateGrantRequest$ = exports.CreateCustomKeyStoreResponse$ = exports.CreateCustomKeyStoreRequest$ = exports.CreateAliasRequest$ = exports.ConnectCustomKeyStoreResponse$ = exports.ConnectCustomKeyStoreRequest$ = exports.CancelKeyDeletionResponse$ = exports.CancelKeyDeletionRequest$ = exports.AliasListEntry$ = void 0;
+exports.UpdateKeyDescriptionRequest$ = exports.UpdateCustomKeyStoreResponse$ = exports.UpdateCustomKeyStoreRequest$ = exports.UpdateAliasRequest$ = exports.UntagResourceRequest$ = exports.TagResourceRequest$ = exports.Tag$ = exports.SignResponse$ = exports.SignRequest$ = exports.ScheduleKeyDeletionResponse$ = exports.ScheduleKeyDeletionRequest$ = exports.RotationsListEntry$ = exports.RotateKeyOnDemandResponse$ = exports.RotateKeyOnDemandRequest$ = exports.RevokeGrantRequest$ = exports.RetireGrantRequest$ = exports.ReplicateKeyResponse$ = exports.ReplicateKeyRequest$ = exports.ReEncryptResponse$ = exports.ReEncryptRequest$ = exports.RecipientInfo$ = exports.PutKeyPolicyRequest$ = exports.MultiRegionKey$ = exports.MultiRegionConfiguration$ = exports.ListRetirableGrantsRequest$ = exports.ListResourceTagsResponse$ = exports.ListResourceTagsRequest$ = exports.ListKeysResponse$ = exports.ListKeysRequest$ = exports.ListKeyRotationsResponse$ = exports.ListKeyRotationsRequest$ = exports.ListKeyPoliciesResponse$ = exports.ListKeyPoliciesRequest$ = exports.ListGrantsResponse$ = exports.ListGrantsRequest$ = exports.ListAliasesResponse$ = exports.ListAliasesRequest$ = exports.KeyMetadata$ = exports.KeyListEntry$ = exports.KeyLastUsageData$ = exports.ImportKeyMaterialResponse$ = exports.ImportKeyMaterialRequest$ = exports.GrantListEntry$ = exports.GrantConstraints$ = exports.GetPublicKeyResponse$ = exports.GetPublicKeyRequest$ = exports.GetParametersForImportResponse$ = exports.GetParametersForImportRequest$ = exports.GetKeyRotationStatusResponse$ = exports.GetKeyRotationStatusRequest$ = void 0;
+exports.RetireGrant$ = exports.ReplicateKey$ = exports.ReEncrypt$ = exports.PutKeyPolicy$ = exports.ListRetirableGrants$ = exports.ListResourceTags$ = exports.ListKeys$ = exports.ListKeyRotations$ = exports.ListKeyPolicies$ = exports.ListGrants$ = exports.ListAliases$ = exports.ImportKeyMaterial$ = exports.GetPublicKey$ = exports.GetParametersForImport$ = exports.GetKeyRotationStatus$ = exports.GetKeyPolicy$ = exports.GetKeyLastUsage$ = exports.GenerateRandom$ = exports.GenerateMac$ = exports.GenerateDataKeyWithoutPlaintext$ = exports.GenerateDataKeyPairWithoutPlaintext$ = exports.GenerateDataKeyPair$ = exports.GenerateDataKey$ = exports.Encrypt$ = exports.EnableKeyRotation$ = exports.EnableKey$ = exports.DisconnectCustomKeyStore$ = exports.DisableKeyRotation$ = exports.DisableKey$ = exports.DescribeKey$ = exports.DescribeCustomKeyStores$ = exports.DeriveSharedSecret$ = exports.DeleteImportedKeyMaterial$ = exports.DeleteCustomKeyStore$ = exports.DeleteAlias$ = exports.Decrypt$ = exports.CreateKey$ = exports.CreateGrant$ = exports.CreateCustomKeyStore$ = exports.CreateAlias$ = exports.ConnectCustomKeyStore$ = exports.CancelKeyDeletion$ = exports.XksProxyConfigurationType$ = exports.XksProxyAuthenticationCredentialType$ = exports.XksKeyConfigurationType$ = exports.VerifyResponse$ = exports.VerifyRequest$ = exports.VerifyMacResponse$ = exports.VerifyMacRequest$ = exports.UpdatePrimaryRegionRequest$ = void 0;
+exports.VerifyMac$ = exports.Verify$ = exports.UpdatePrimaryRegion$ = exports.UpdateKeyDescription$ = exports.UpdateCustomKeyStore$ = exports.UpdateAlias$ = exports.UntagResource$ = exports.TagResource$ = exports.Sign$ = exports.ScheduleKeyDeletion$ = exports.RotateKeyOnDemand$ = exports.RevokeGrant$ = void 0;
 const _A = "Arn";
 const _AA = "AliasArn";
 const _AD = "AttestationDocument";
@@ -58,6 +58,7 @@ const _CKSNIUE = "CustomKeyStoreNameInUseException";
 const _CKST = "CustomKeyStoreType";
 const _CMKS = "CustomerMasterKeySpec";
 const _CS = "ConnectionState";
+const _CTEI = "CloudTrailEventId";
 const _Co = "Connectivity";
 const _D = "Description";
 const _DA = "DeleteAlias";
@@ -128,6 +129,9 @@ const _GDKWP = "GenerateDataKeyWithoutPlaintext";
 const _GDKWPR = "GenerateDataKeyWithoutPlaintextRequest";
 const _GDKWPRe = "GenerateDataKeyWithoutPlaintextResponse";
 const _GI = "GrantId";
+const _GKLU = "GetKeyLastUsage";
+const _GKLUR = "GetKeyLastUsageRequest";
+const _GKLURe = "GetKeyLastUsageResponse";
 const _GKP = "GetKeyPolicy";
 const _GKPR = "GetKeyPolicyRequest";
 const _GKPRe = "GetKeyPolicyResponse";
@@ -175,10 +179,13 @@ const _K = "Keys";
 const _KA = "KeyArn";
 const _KAA = "KeyAgreementAlgorithm";
 const _KAAe = "KeyAgreementAlgorithms";
+const _KCD = "KeyCreationDate";
 const _KEA = "KeyEncryptionAlgorithm";
 const _KI = "KeyId";
 const _KL = "KeyList";
 const _KLE = "KeyListEntry";
+const _KLU = "KeyLastUsage";
+const _KLUD = "KeyLastUsageData";
 const _KM = "KeyMetadata";
 const _KMD = "KeyMaterialDescription";
 const _KMI = "KeyMaterialId";
@@ -191,6 +198,7 @@ const _KMe = "KeyManager";
 const _KO = "KeyOrigin";
 const _KPS = "KeyPairSpec";
 const _KRE = "KeyRotationEnabled";
+const _KRI = "KmsRequestId";
 const _KS = "KeySpec";
 const _KSP = "KeyStorePassword";
 const _KSPT = "KeyStorePasswordType";
@@ -241,6 +249,7 @@ const _NOB = "NumberOfBytes";
 const _NRD = "NextRotationDate";
 const _O = "Operations";
 const _ODRSD = "OnDemandRotationStartDate";
+const _Op = "Operation";
 const _Or = "Origin";
 const _P = "Policy";
 const _PDWID = "PendingDeletionWindowInDays";
@@ -310,8 +319,10 @@ const _TKa = "TagKeys";
 const _TL = "TagList";
 const _TR = "TagResource";
 const _TRR = "TagResourceRequest";
+const _TSD = "TrackingStartDate";
 const _TV = "TagValue";
 const _Ta = "Tag";
+const _Ti = "Timestamp";
 const _Tr = "Truncated";
 const _UA = "UpdateAlias";
 const _UAR = "UpdateAliasRequest";
@@ -905,6 +916,16 @@ exports.GenerateRandomResponse$ = [3, n0, _GRRe,
     [_Pl, _CFR],
     [[() => PlaintextType, 0], 21]
 ];
+exports.GetKeyLastUsageRequest$ = [3, n0, _GKLUR,
+    0,
+    [_KI],
+    [0], 1
+];
+exports.GetKeyLastUsageResponse$ = [3, n0, _GKLURe,
+    0,
+    [_KI, _KLU, _TSD, _KCD],
+    [0, () => exports.KeyLastUsageData$, 4, 4]
+];
 exports.GetKeyPolicyRequest$ = [3, n0, _GKPR,
     0,
     [_KI, _PN],
@@ -965,6 +986,11 @@ exports.ImportKeyMaterialResponse$ = [3, n0, _IKMRm,
     [_KI, _KMI],
     [0, 0]
 ];
+exports.KeyLastUsageData$ = [3, n0, _KLUD,
+    0,
+    [_Op, _Ti, _CTEI, _KRI],
+    [0, 4, 0, 0]
+];
 exports.KeyListEntry$ = [3, n0, _KLE,
     0,
     [_KI, _KA],
@@ -1308,6 +1334,9 @@ exports.GenerateMac$ = [9, n0, _GM,
 exports.GenerateRandom$ = [9, n0, _GR,
     0, () => exports.GenerateRandomRequest$, () => exports.GenerateRandomResponse$
 ];
+exports.GetKeyLastUsage$ = [9, n0, _GKLU,
+    0, () => exports.GetKeyLastUsageRequest$, () => exports.GetKeyLastUsageResponse$
+];
 exports.GetKeyPolicy$ = [9, n0, _GKP,
     0, () => exports.GetKeyPolicyRequest$, () => exports.GetKeyPolicyResponse$
 ];

package/dist-es/KMS.js

@@ -24,6 +24,7 @@ import { GenerateDataKeyPairWithoutPlaintextCommand, } from "./commands/Generate
 import { GenerateDataKeyWithoutPlaintextCommand, } from "./commands/GenerateDataKeyWithoutPlaintextCommand";
 import { GenerateMacCommand, } from "./commands/GenerateMacCommand";
 import { GenerateRandomCommand, } from "./commands/GenerateRandomCommand";
+import { GetKeyLastUsageCommand, } from "./commands/GetKeyLastUsageCommand";
 import { GetKeyPolicyCommand, } from "./commands/GetKeyPolicyCommand";
 import { GetKeyRotationStatusCommand, } from "./commands/GetKeyRotationStatusCommand";
 import { GetParametersForImportCommand, } from "./commands/GetParametersForImportCommand";
@@ -87,6 +88,7 @@ const commands = {
     GenerateDataKeyWithoutPlaintextCommand,
     GenerateMacCommand,
     GenerateRandomCommand,
+    GetKeyLastUsageCommand,
     GetKeyPolicyCommand,
     GetKeyRotationStatusCommand,
     GetParametersForImportCommand,

package/dist-es/commands/GetKeyLastUsageCommand.js

@@ -0,0 +1,16 @@
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { commonParams } from "../endpoint/EndpointParameters";
+import { GetKeyLastUsage$ } from "../schemas/schemas_0";
+export { $Command };
+export class GetKeyLastUsageCommand extends $Command
+    .classBuilder()
+    .ep(commonParams)
+    .m(function (Command, cs, config, o) {
+    return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
+})
+    .s("TrentService", "GetKeyLastUsage", {})
+    .n("KMSClient", "GetKeyLastUsageCommand")
+    .sc(GetKeyLastUsage$)
+    .build() {
+}

package/dist-es/commands/index.js

@@ -23,6 +23,7 @@ export * from "./GenerateDataKeyPairWithoutPlaintextCommand";
 export * from "./GenerateDataKeyWithoutPlaintextCommand";
 export * from "./GenerateMacCommand";
 export * from "./GenerateRandomCommand";
+export * from "./GetKeyLastUsageCommand";
 export * from "./GetKeyPolicyCommand";
 export * from "./GetKeyRotationStatusCommand";
 export * from "./GetParametersForImportCommand";

package/dist-es/models/enums.js

@@ -179,6 +179,20 @@ export const DryRunModifierType = {
 export const KeyEncryptionMechanism = {
     RSAES_OAEP_SHA_256: "RSAES_OAEP_SHA_256",
 };
+export const KeyLastUsageTrackingOperation = {
+    Decrypt: "Decrypt",
+    DeriveSharedSecret: "DeriveSharedSecret",
+    Encrypt: "Encrypt",
+    GenerateDataKey: "GenerateDataKey",
+    GenerateDataKeyPair: "GenerateDataKeyPair",
+    GenerateDataKeyPairWithoutPlaintext: "GenerateDataKeyPairWithoutPlaintext",
+    GenerateDataKeyWithoutPlaintext: "GenerateDataKeyWithoutPlaintext",
+    GenerateMac: "GenerateMac",
+    ReEncrypt: "ReEncrypt",
+    Sign: "Sign",
+    Verify: "Verify",
+    VerifyMac: "VerifyMac",
+};
 export const WrappingKeySpec = {
     RSA_2048: "RSA_2048",
     RSA_3072: "RSA_3072",

package/dist-es/schemas/schemas_0.js

@@ -51,6 +51,7 @@ const _CKSNIUE = "CustomKeyStoreNameInUseException";
 const _CKST = "CustomKeyStoreType";
 const _CMKS = "CustomerMasterKeySpec";
 const _CS = "ConnectionState";
+const _CTEI = "CloudTrailEventId";
 const _Co = "Connectivity";
 const _D = "Description";
 const _DA = "DeleteAlias";
@@ -121,6 +122,9 @@ const _GDKWP = "GenerateDataKeyWithoutPlaintext";
 const _GDKWPR = "GenerateDataKeyWithoutPlaintextRequest";
 const _GDKWPRe = "GenerateDataKeyWithoutPlaintextResponse";
 const _GI = "GrantId";
+const _GKLU = "GetKeyLastUsage";
+const _GKLUR = "GetKeyLastUsageRequest";
+const _GKLURe = "GetKeyLastUsageResponse";
 const _GKP = "GetKeyPolicy";
 const _GKPR = "GetKeyPolicyRequest";
 const _GKPRe = "GetKeyPolicyResponse";
@@ -168,10 +172,13 @@ const _K = "Keys";
 const _KA = "KeyArn";
 const _KAA = "KeyAgreementAlgorithm";
 const _KAAe = "KeyAgreementAlgorithms";
+const _KCD = "KeyCreationDate";
 const _KEA = "KeyEncryptionAlgorithm";
 const _KI = "KeyId";
 const _KL = "KeyList";
 const _KLE = "KeyListEntry";
+const _KLU = "KeyLastUsage";
+const _KLUD = "KeyLastUsageData";
 const _KM = "KeyMetadata";
 const _KMD = "KeyMaterialDescription";
 const _KMI = "KeyMaterialId";
@@ -184,6 +191,7 @@ const _KMe = "KeyManager";
 const _KO = "KeyOrigin";
 const _KPS = "KeyPairSpec";
 const _KRE = "KeyRotationEnabled";
+const _KRI = "KmsRequestId";
 const _KS = "KeySpec";
 const _KSP = "KeyStorePassword";
 const _KSPT = "KeyStorePasswordType";
@@ -234,6 +242,7 @@ const _NOB = "NumberOfBytes";
 const _NRD = "NextRotationDate";
 const _O = "Operations";
 const _ODRSD = "OnDemandRotationStartDate";
+const _Op = "Operation";
 const _Or = "Origin";
 const _P = "Policy";
 const _PDWID = "PendingDeletionWindowInDays";
@@ -303,8 +312,10 @@ const _TKa = "TagKeys";
 const _TL = "TagList";
 const _TR = "TagResource";
 const _TRR = "TagResourceRequest";
+const _TSD = "TrackingStartDate";
 const _TV = "TagValue";
 const _Ta = "Tag";
+const _Ti = "Timestamp";
 const _Tr = "Truncated";
 const _UA = "UpdateAlias";
 const _UAR = "UpdateAliasRequest";
@@ -898,6 +909,16 @@ export var GenerateRandomResponse$ = [3, n0, _GRRe,
     [_Pl, _CFR],
     [[() => PlaintextType, 0], 21]
 ];
+export var GetKeyLastUsageRequest$ = [3, n0, _GKLUR,
+    0,
+    [_KI],
+    [0], 1
+];
+export var GetKeyLastUsageResponse$ = [3, n0, _GKLURe,
+    0,
+    [_KI, _KLU, _TSD, _KCD],
+    [0, () => KeyLastUsageData$, 4, 4]
+];
 export var GetKeyPolicyRequest$ = [3, n0, _GKPR,
     0,
     [_KI, _PN],
@@ -958,6 +979,11 @@ export var ImportKeyMaterialResponse$ = [3, n0, _IKMRm,
     [_KI, _KMI],
     [0, 0]
 ];
+export var KeyLastUsageData$ = [3, n0, _KLUD,
+    0,
+    [_Op, _Ti, _CTEI, _KRI],
+    [0, 4, 0, 0]
+];
 export var KeyListEntry$ = [3, n0, _KLE,
     0,
     [_KI, _KA],
@@ -1301,6 +1327,9 @@ export var GenerateMac$ = [9, n0, _GM,
 export var GenerateRandom$ = [9, n0, _GR,
     0, () => GenerateRandomRequest$, () => GenerateRandomResponse$
 ];
+export var GetKeyLastUsage$ = [9, n0, _GKLU,
+    0, () => GetKeyLastUsageRequest$, () => GetKeyLastUsageResponse$
+];
 export var GetKeyPolicy$ = [9, n0, _GKP,
     0, () => GetKeyPolicyRequest$, () => GetKeyPolicyResponse$
 ];

package/dist-types/KMS.d.ts

@@ -24,6 +24,7 @@ import { type GenerateDataKeyPairWithoutPlaintextCommandInput, type GenerateData
 import { type GenerateDataKeyWithoutPlaintextCommandInput, type GenerateDataKeyWithoutPlaintextCommandOutput } from "./commands/GenerateDataKeyWithoutPlaintextCommand";
 import { type GenerateMacCommandInput, type GenerateMacCommandOutput } from "./commands/GenerateMacCommand";
 import { type GenerateRandomCommandInput, type GenerateRandomCommandOutput } from "./commands/GenerateRandomCommand";
+import { type GetKeyLastUsageCommandInput, type GetKeyLastUsageCommandOutput } from "./commands/GetKeyLastUsageCommand";
 import { type GetKeyPolicyCommandInput, type GetKeyPolicyCommandOutput } from "./commands/GetKeyPolicyCommand";
 import { type GetKeyRotationStatusCommandInput, type GetKeyRotationStatusCommandOutput } from "./commands/GetKeyRotationStatusCommand";
 import { type GetParametersForImportCommandInput, type GetParametersForImportCommandOutput } from "./commands/GetParametersForImportCommand";
@@ -208,6 +209,12 @@ export interface KMS {
     generateRandom(args: GenerateRandomCommandInput, options?: __HttpHandlerOptions): Promise<GenerateRandomCommandOutput>;
     generateRandom(args: GenerateRandomCommandInput, cb: (err: any, data?: GenerateRandomCommandOutput) => void): void;
     generateRandom(args: GenerateRandomCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GenerateRandomCommandOutput) => void): void;
+    /**
+     * @see {@link GetKeyLastUsageCommand}
+     */
+    getKeyLastUsage(args: GetKeyLastUsageCommandInput, options?: __HttpHandlerOptions): Promise<GetKeyLastUsageCommandOutput>;
+    getKeyLastUsage(args: GetKeyLastUsageCommandInput, cb: (err: any, data?: GetKeyLastUsageCommandOutput) => void): void;
+    getKeyLastUsage(args: GetKeyLastUsageCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetKeyLastUsageCommandOutput) => void): void;
     /**
      * @see {@link GetKeyPolicyCommand}
      */

package/dist-types/KMSClient.d.ts

@@ -32,6 +32,7 @@ import type { GenerateDataKeyPairWithoutPlaintextCommandInput, GenerateDataKeyPa
 import type { GenerateDataKeyWithoutPlaintextCommandInput, GenerateDataKeyWithoutPlaintextCommandOutput } from "./commands/GenerateDataKeyWithoutPlaintextCommand";
 import type { GenerateMacCommandInput, GenerateMacCommandOutput } from "./commands/GenerateMacCommand";
 import type { GenerateRandomCommandInput, GenerateRandomCommandOutput } from "./commands/GenerateRandomCommand";
+import type { GetKeyLastUsageCommandInput, GetKeyLastUsageCommandOutput } from "./commands/GetKeyLastUsageCommand";
 import type { GetKeyPolicyCommandInput, GetKeyPolicyCommandOutput } from "./commands/GetKeyPolicyCommand";
 import type { GetKeyRotationStatusCommandInput, GetKeyRotationStatusCommandOutput } from "./commands/GetKeyRotationStatusCommand";
 import type { GetParametersForImportCommandInput, GetParametersForImportCommandOutput } from "./commands/GetParametersForImportCommand";
@@ -66,11 +67,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = CancelKeyDeletionCommandInput | ConnectCustomKeyStoreCommandInput | CreateAliasCommandInput | CreateCustomKeyStoreCommandInput | CreateGrantCommandInput | CreateKeyCommandInput | DecryptCommandInput | DeleteAliasCommandInput | DeleteCustomKeyStoreCommandInput | DeleteImportedKeyMaterialCommandInput | DeriveSharedSecretCommandInput | DescribeCustomKeyStoresCommandInput | DescribeKeyCommandInput | DisableKeyCommandInput | DisableKeyRotationCommandInput | DisconnectCustomKeyStoreCommandInput | EnableKeyCommandInput | EnableKeyRotationCommandInput | EncryptCommandInput | GenerateDataKeyCommandInput | GenerateDataKeyPairCommandInput | GenerateDataKeyPairWithoutPlaintextCommandInput | GenerateDataKeyWithoutPlaintextCommandInput | GenerateMacCommandInput | GenerateRandomCommandInput | GetKeyPolicyCommandInput | GetKeyRotationStatusCommandInput | GetParametersForImportCommandInput | GetPublicKeyCommandInput | ImportKeyMaterialCommandInput | ListAliasesCommandInput | ListGrantsCommandInput | ListKeyPoliciesCommandInput | ListKeyRotationsCommandInput | ListKeysCommandInput | ListResourceTagsCommandInput | ListRetirableGrantsCommandInput | PutKeyPolicyCommandInput | ReEncryptCommandInput | ReplicateKeyCommandInput | RetireGrantCommandInput | RevokeGrantCommandInput | RotateKeyOnDemandCommandInput | ScheduleKeyDeletionCommandInput | SignCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateAliasCommandInput | UpdateCustomKeyStoreCommandInput | UpdateKeyDescriptionCommandInput | UpdatePrimaryRegionCommandInput | VerifyCommandInput | VerifyMacCommandInput;
+export type ServiceInputTypes = CancelKeyDeletionCommandInput | ConnectCustomKeyStoreCommandInput | CreateAliasCommandInput | CreateCustomKeyStoreCommandInput | CreateGrantCommandInput | CreateKeyCommandInput | DecryptCommandInput | DeleteAliasCommandInput | DeleteCustomKeyStoreCommandInput | DeleteImportedKeyMaterialCommandInput | DeriveSharedSecretCommandInput | DescribeCustomKeyStoresCommandInput | DescribeKeyCommandInput | DisableKeyCommandInput | DisableKeyRotationCommandInput | DisconnectCustomKeyStoreCommandInput | EnableKeyCommandInput | EnableKeyRotationCommandInput | EncryptCommandInput | GenerateDataKeyCommandInput | GenerateDataKeyPairCommandInput | GenerateDataKeyPairWithoutPlaintextCommandInput | GenerateDataKeyWithoutPlaintextCommandInput | GenerateMacCommandInput | GenerateRandomCommandInput | GetKeyLastUsageCommandInput | GetKeyPolicyCommandInput | GetKeyRotationStatusCommandInput | GetParametersForImportCommandInput | GetPublicKeyCommandInput | ImportKeyMaterialCommandInput | ListAliasesCommandInput | ListGrantsCommandInput | ListKeyPoliciesCommandInput | ListKeyRotationsCommandInput | ListKeysCommandInput | ListResourceTagsCommandInput | ListRetirableGrantsCommandInput | PutKeyPolicyCommandInput | ReEncryptCommandInput | ReplicateKeyCommandInput | RetireGrantCommandInput | RevokeGrantCommandInput | RotateKeyOnDemandCommandInput | ScheduleKeyDeletionCommandInput | SignCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateAliasCommandInput | UpdateCustomKeyStoreCommandInput | UpdateKeyDescriptionCommandInput | UpdatePrimaryRegionCommandInput | VerifyCommandInput | VerifyMacCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = CancelKeyDeletionCommandOutput | ConnectCustomKeyStoreCommandOutput | CreateAliasCommandOutput | CreateCustomKeyStoreCommandOutput | CreateGrantCommandOutput | CreateKeyCommandOutput | DecryptCommandOutput | DeleteAliasCommandOutput | DeleteCustomKeyStoreCommandOutput | DeleteImportedKeyMaterialCommandOutput | DeriveSharedSecretCommandOutput | DescribeCustomKeyStoresCommandOutput | DescribeKeyCommandOutput | DisableKeyCommandOutput | DisableKeyRotationCommandOutput | DisconnectCustomKeyStoreCommandOutput | EnableKeyCommandOutput | EnableKeyRotationCommandOutput | EncryptCommandOutput | GenerateDataKeyCommandOutput | GenerateDataKeyPairCommandOutput | GenerateDataKeyPairWithoutPlaintextCommandOutput | GenerateDataKeyWithoutPlaintextCommandOutput | GenerateMacCommandOutput | GenerateRandomCommandOutput | GetKeyPolicyCommandOutput | GetKeyRotationStatusCommandOutput | GetParametersForImportCommandOutput | GetPublicKeyCommandOutput | ImportKeyMaterialCommandOutput | ListAliasesCommandOutput | ListGrantsCommandOutput | ListKeyPoliciesCommandOutput | ListKeyRotationsCommandOutput | ListKeysCommandOutput | ListResourceTagsCommandOutput | ListRetirableGrantsCommandOutput | PutKeyPolicyCommandOutput | ReEncryptCommandOutput | ReplicateKeyCommandOutput | RetireGrantCommandOutput | RevokeGrantCommandOutput | RotateKeyOnDemandCommandOutput | ScheduleKeyDeletionCommandOutput | SignCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateAliasCommandOutput | UpdateCustomKeyStoreCommandOutput | UpdateKeyDescriptionCommandOutput | UpdatePrimaryRegionCommandOutput | VerifyCommandOutput | VerifyMacCommandOutput;
+export type ServiceOutputTypes = CancelKeyDeletionCommandOutput | ConnectCustomKeyStoreCommandOutput | CreateAliasCommandOutput | CreateCustomKeyStoreCommandOutput | CreateGrantCommandOutput | CreateKeyCommandOutput | DecryptCommandOutput | DeleteAliasCommandOutput | DeleteCustomKeyStoreCommandOutput | DeleteImportedKeyMaterialCommandOutput | DeriveSharedSecretCommandOutput | DescribeCustomKeyStoresCommandOutput | DescribeKeyCommandOutput | DisableKeyCommandOutput | DisableKeyRotationCommandOutput | DisconnectCustomKeyStoreCommandOutput | EnableKeyCommandOutput | EnableKeyRotationCommandOutput | EncryptCommandOutput | GenerateDataKeyCommandOutput | GenerateDataKeyPairCommandOutput | GenerateDataKeyPairWithoutPlaintextCommandOutput | GenerateDataKeyWithoutPlaintextCommandOutput | GenerateMacCommandOutput | GenerateRandomCommandOutput | GetKeyLastUsageCommandOutput | GetKeyPolicyCommandOutput | GetKeyRotationStatusCommandOutput | GetParametersForImportCommandOutput | GetPublicKeyCommandOutput | ImportKeyMaterialCommandOutput | ListAliasesCommandOutput | ListGrantsCommandOutput | ListKeyPoliciesCommandOutput | ListKeyRotationsCommandOutput | ListKeysCommandOutput | ListResourceTagsCommandOutput | ListRetirableGrantsCommandOutput | PutKeyPolicyCommandOutput | ReEncryptCommandOutput | ReplicateKeyCommandOutput | RetireGrantCommandOutput | RevokeGrantCommandOutput | RotateKeyOnDemandCommandOutput | ScheduleKeyDeletionCommandOutput | SignCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateAliasCommandOutput | UpdateCustomKeyStoreCommandOutput | UpdateKeyDescriptionCommandOutput | UpdatePrimaryRegionCommandOutput | VerifyCommandOutput | VerifyMacCommandOutput;
 /**
  * @public
  */

package/dist-types/commands/ConnectCustomKeyStoreCommand.d.ts

@@ -206,8 +206,10 @@ declare const ConnectCustomKeyStoreCommand_base: {
  *             </li>
  *             <li>
  *                <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
- *           disconnected. This operation is valid only when the custom key store
- *             <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
+ *           disconnected. <code>UpdateCustomKeyStore</code> can be called on a custom key store in the
+ *             <code>CONNECTED</code> state only to update <code>NewCustomKeyStoreName</code>.
+ *             For all other properties, the custom key store
+ *             <code>ConnectionState</code> must be <code>DISCONNECTED</code>.</p>
  *             </li>
  *             <li>
  *                <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store

package/dist-types/commands/CreateKeyCommand.d.ts

@@ -347,8 +347,10 @@ declare const CreateKeyCommand_base: {
  *             </li>
  *             <li>
  *                <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
- *           disconnected. This operation is valid only when the custom key store
- *             <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
+ *           disconnected. <code>UpdateCustomKeyStore</code> can be called on a custom key store in the
+ *             <code>CONNECTED</code> state only to update <code>NewCustomKeyStoreName</code>.
+ *             For all other properties, the custom key store
+ *             <code>ConnectionState</code> must be <code>DISCONNECTED</code>.</p>
  *             </li>
  *             <li>
  *                <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store

package/dist-types/commands/DecryptCommand.d.ts

@@ -91,9 +91,11 @@ declare const DecryptCommand_base: {
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. If you use the <code>KeyId</code>
- *       parameter to identify a KMS key in a different Amazon Web Services account, specify the key ARN or the alias
- *       ARN of the KMS key.</p>
+ *             <b>Cross-account use</b>: Yes. To specify a KMS key
+ *       in a different Amazon Web Services account, use the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a> or <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-alias-ARN">alias
+ *         ARN</a>. A short <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id">key ID</a> is also acceptable
+ *       when decrypting symmetric ciphertexts, though using a full key ARN is recommended
+ *       to be more explicit about the intended KMS key.</p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:Decrypt</a> (key policy)</p>
  *          <p>

package/dist-types/commands/DeleteCustomKeyStoreCommand.d.ts

@@ -144,8 +144,10 @@ declare const DeleteCustomKeyStoreCommand_base: {
  *             </li>
  *             <li>
  *                <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
- *           disconnected. This operation is valid only when the custom key store
- *             <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
+ *           disconnected. <code>UpdateCustomKeyStore</code> can be called on a custom key store in the
+ *             <code>CONNECTED</code> state only to update <code>NewCustomKeyStoreName</code>.
+ *             For all other properties, the custom key store
+ *             <code>ConnectionState</code> must be <code>DISCONNECTED</code>.</p>
  *             </li>
  *             <li>
  *                <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store

package/dist-types/commands/DisconnectCustomKeyStoreCommand.d.ts

@@ -131,8 +131,10 @@ declare const DisconnectCustomKeyStoreCommand_base: {
  *             </li>
  *             <li>
  *                <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
- *           disconnected. This operation is valid only when the custom key store
- *             <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
+ *           disconnected. <code>UpdateCustomKeyStore</code> can be called on a custom key store in the
+ *             <code>CONNECTED</code> state only to update <code>NewCustomKeyStoreName</code>.
+ *             For all other properties, the custom key store
+ *             <code>ConnectionState</code> must be <code>DISCONNECTED</code>.</p>
  *             </li>
  *             <li>
  *                <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store

package/dist-types/commands/GenerateRandomCommand.d.ts

@@ -107,8 +107,10 @@ declare const GenerateRandomCommand_base: {
  *             </li>
  *             <li>
  *                <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
- *           disconnected. This operation is valid only when the custom key store
- *             <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
+ *           disconnected. <code>UpdateCustomKeyStore</code> can be called on a custom key store in the
+ *             <code>CONNECTED</code> state only to update <code>NewCustomKeyStoreName</code>.
+ *             For all other properties, the custom key store
+ *             <code>ConnectionState</code> must be <code>DISCONNECTED</code>.</p>
  *             </li>
  *             <li>
  *                <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store

package/dist-types/commands/GetKeyLastUsageCommand.d.ts

@@ -0,0 +1,188 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import type { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
+import type { GetKeyLastUsageRequest, GetKeyLastUsageResponse } from "../models/models_0";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetKeyLastUsageCommand}.
+ */
+export interface GetKeyLastUsageCommandInput extends GetKeyLastUsageRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetKeyLastUsageCommand}.
+ */
+export interface GetKeyLastUsageCommandOutput extends GetKeyLastUsageResponse, __MetadataBearer {
+}
+declare const GetKeyLastUsageCommand_base: {
+    new (input: GetKeyLastUsageCommandInput): import("@smithy/smithy-client").CommandImpl<GetKeyLastUsageCommandInput, GetKeyLastUsageCommandOutput, KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (input: GetKeyLastUsageCommandInput): import("@smithy/smithy-client").CommandImpl<GetKeyLastUsageCommandInput, GetKeyLastUsageCommandOutput, KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns usage information about the last successful cryptographic operation performed with a
+ *       specified KMS key, including the operation type, timestamp, and associated CloudTrail event
+ *       ID.</p>
+ *          <p>The <code>TrackingStartDate</code> in the <code>GetKeyLastUsage</code> response indicates
+ *       the date from which KMS began recording cryptographic activity for a given key. Use this
+ *       value together with <code>KeyCreationDate</code> to understand the key's usage
+ *       history:</p>
+ *          <ul>
+ *             <li>
+ *                <p>If the <code>KeyLastUsage</code> response element is <i>present</i>,
+ *           the key has been used for a successful cryptographic operation since the
+ *           <code>TrackingStartDate</code>. The response includes the operation type, timestamp, and
+ *           associated CloudTrail event ID.</p>
+ *             </li>
+ *             <li>
+ *                <p>If the <code>KeyLastUsage</code> response element is <i>empty</i> and
+ *           <code>KeyCreationDate</code> is on or after <code>TrackingStartDate</code>, the key has
+ *           not been used for a successful cryptographic operation since it was created.</p>
+ *             </li>
+ *             <li>
+ *                <p>If the <code>KeyLastUsage</code> response element is <i>empty</i> and
+ *           <code>KeyCreationDate</code> is before <code>TrackingStartDate</code>, there is no record
+ *           of the key being used for a successful cryptographic operation since the
+ *           <code>TrackingStartDate</code>. However, the key may have been used before tracking
+ *           began. To determine whether the key was used before the <code>TrackingStartDate</code>,
+ *           examine your past CloudTrail logs.</p>
+ *             </li>
+ *          </ul>
+ *          <p>For multi-Region KMS keys, primary and replica keys track last usage independently. Each
+ *       key in a multi-Region key set maintains its own usage information.</p>
+ *          <p>The <code>ReEncrypt</code> operation uses two keys: a source key for decryption and a
+ *       destination key for encryption. Usage information is recorded for both keys independently,
+ *       each with the CloudTrail event ID from the respective key owner's account.</p>
+ *          <note>
+ *             <p>Do not use <code>GetKeyLastUsage</code> as the sole indicator when scheduling a key for
+ *         deletion. Instead, first <a href="https://docs.aws.amazon.com/kms/latest/developerguide/enabling-keys.html">disable the key</a> and monitor CloudTrail for
+ *         <code>DisabledException</code> entries, as there could be infrequent workflows that are
+ *         dependent on the key. By looking for this exception, you can identify potential dependencies
+ *         and workload failures before they occur.</p>
+ *          </note>
+ *          <p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation
+ *       on a KMS key in a different Amazon Web Services account.</p>
+ *          <p>
+ *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GetKeyLastUsage</a> (key policy)</p>
+ *          <p>
+ *             <b>Related operations:</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a>DescribeKey</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>DisableKey</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ScheduleKeyDeletion</a>
+ *                </p>
+ *             </li>
+ *          </ul>
+ *          <p>
+ *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { KMSClient, GetKeyLastUsageCommand } from "@aws-sdk/client-kms"; // ES Modules import
+ * // const { KMSClient, GetKeyLastUsageCommand } = require("@aws-sdk/client-kms"); // CommonJS import
+ * // import type { KMSClientConfig } from "@aws-sdk/client-kms";
+ * const config = {}; // type is KMSClientConfig
+ * const client = new KMSClient(config);
+ * const input = { // GetKeyLastUsageRequest
+ *   KeyId: "STRING_VALUE", // required
+ * };
+ * const command = new GetKeyLastUsageCommand(input);
+ * const response = await client.send(command);
+ * // { // GetKeyLastUsageResponse
+ * //   KeyId: "STRING_VALUE",
+ * //   KeyLastUsage: { // KeyLastUsageData
+ * //     Operation: "Decrypt" || "DeriveSharedSecret" || "Encrypt" || "GenerateDataKey" || "GenerateDataKeyPair" || "GenerateDataKeyPairWithoutPlaintext" || "GenerateDataKeyWithoutPlaintext" || "GenerateMac" || "ReEncrypt" || "Sign" || "Verify" || "VerifyMac",
+ * //     Timestamp: new Date("TIMESTAMP"),
+ * //     CloudTrailEventId: "STRING_VALUE",
+ * //     KmsRequestId: "STRING_VALUE",
+ * //   },
+ * //   TrackingStartDate: new Date("TIMESTAMP"),
+ * //   KeyCreationDate: new Date("TIMESTAMP"),
+ * // };
+ *
+ * ```
+ *
+ * @param GetKeyLastUsageCommandInput - {@link GetKeyLastUsageCommandInput}
+ * @returns {@link GetKeyLastUsageCommandOutput}
+ * @see {@link GetKeyLastUsageCommandInput} for command's `input` shape.
+ * @see {@link GetKeyLastUsageCommandOutput} for command's `response` shape.
+ * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
+ *
+ * @throws {@link DependencyTimeoutException} (server fault)
+ *  <p>The system timed out while trying to fulfill the request. You can retry the
+ *       request.</p>
+ *
+ * @throws {@link InvalidArnException} (client fault)
+ *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
+ *       valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ * @throws {@link NotFoundException} (client fault)
+ *  <p>The request was rejected because the specified entity or resource could not be
+ *       found.</p>
+ *
+ * @throws {@link KMSServiceException}
+ * <p>Base exception class for all service exceptions from KMS service.</p>
+ *
+ *
+ * @example To retrieve the last usage for a KMS key
+ * ```javascript
+ * // The following example retrieves usage information about the last successful cryptographic operation performed with the specified KMS key, including the operation type, timestamp, and associated AWS CloudTrail event ID.
+ * const input = {
+ *   KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new GetKeyLastUsageCommand(input);
+ * const response = await client.send(command);
+ * /* response is
+ * {
+ *   KeyCreationDate: 1.77325342556E9,
+ *   KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   KeyLastUsage: {
+ *     CloudTrailEventId: "2cfd5892-ea8c-4342-ad49-4b9594b06a8b",
+ *     KmsRequestId: "040cce3e-9ef3-4651-b8cf-e47c9bafdc9b",
+ *     Operation: "Encrypt",
+ *     Timestamp: 1.773253497E9
+ *   },
+ *   TrackingStartDate: 1.77325342556E9
+ * }
+ * *\/
+ * ```
+ *
+ * @public
+ */
+export declare class GetKeyLastUsageCommand extends GetKeyLastUsageCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: GetKeyLastUsageRequest;
+            output: GetKeyLastUsageResponse;
+        };
+        sdk: {
+            input: GetKeyLastUsageCommandInput;
+            output: GetKeyLastUsageCommandOutput;
+        };
+    };
+}

package/dist-types/commands/ReEncryptCommand.d.ts

@@ -74,8 +74,10 @@ declare const ReEncryptCommand_base: {
  *          <p>
  *             <b>Cross-account use</b>: Yes. The source KMS key and
  *       destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a
- *       different account than the caller. To specify a KMS key in a different account, you must use
- *       its key ARN or alias ARN.</p>
+ *       different account than the caller. To specify a KMS key in a different account, use the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN">key ARN</a>
+ *       or <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-alias-ARN">alias ARN</a>. A short <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id">key ID</a>
+ *       is also acceptable for the source key when decrypting symmetric ciphertexts, though
+ *       using a full key ARN is recommended to be more explicit about the intended KMS key.</p>
  *          <p>
  *             <b>Required permissions</b>:</p>
  *          <ul>

package/dist-types/commands/UpdateCustomKeyStoreCommand.d.ts

@@ -58,8 +58,10 @@ declare const UpdateCustomKeyStoreCommand_base: {
  *       name (<code>NewCustomKeyStoreName</code>), to tell KMS about a change to the
  *         <code>kmsuser</code> crypto user password (<code>KeyStorePassword</code>), or to associate
  *       the custom key store with a different, but related, CloudHSM cluster
- *         (<code>CloudHsmClusterId</code>). To update any property of an CloudHSM key store, the
- *         <code>ConnectionState</code> of the CloudHSM key store must be <code>DISCONNECTED</code>. </p>
+ *         (<code>CloudHsmClusterId</code>). To update most properties of an CloudHSM key store, the
+ *         <code>ConnectionState</code> of the CloudHSM key store must be <code>DISCONNECTED</code>.
+ *         However, you can update the <code>CustomKeyStoreName</code> of an AWS CloudHSM key store
+ *         when it is in the <code>CONNECTED</code> or <code>DISCONNECTED</code> state.</p>
  *          <p>For an external key store, you can use this operation to change the custom key store
  *       friendly name (<code>NewCustomKeyStoreName</code>), or to tell KMS about a change to the
  *       external key store proxy authentication credentials
@@ -238,8 +240,10 @@ declare const UpdateCustomKeyStoreCommand_base: {
  *             </li>
  *             <li>
  *                <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
- *           disconnected. This operation is valid only when the custom key store
- *             <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
+ *           disconnected. <code>UpdateCustomKeyStore</code> can be called on a custom key store in the
+ *             <code>CONNECTED</code> state only to update <code>NewCustomKeyStoreName</code>.
+ *             For all other properties, the custom key store
+ *             <code>ConnectionState</code> must be <code>DISCONNECTED</code>.</p>
  *             </li>
  *             <li>
  *                <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store

package/dist-types/commands/index.d.ts

@@ -23,6 +23,7 @@ export * from "./GenerateDataKeyPairWithoutPlaintextCommand";
 export * from "./GenerateDataKeyWithoutPlaintextCommand";
 export * from "./GenerateMacCommand";
 export * from "./GenerateRandomCommand";
+export * from "./GetKeyLastUsageCommand";
 export * from "./GetKeyPolicyCommand";
 export * from "./GetKeyRotationStatusCommand";
 export * from "./GetParametersForImportCommand";

package/dist-types/models/enums.d.ts

@@ -355,6 +355,28 @@ export declare const KeyEncryptionMechanism: {
  * @public
  */
 export type KeyEncryptionMechanism = (typeof KeyEncryptionMechanism)[keyof typeof KeyEncryptionMechanism];
+/**
+ * @public
+ * @enum
+ */
+export declare const KeyLastUsageTrackingOperation: {
+    readonly Decrypt: "Decrypt";
+    readonly DeriveSharedSecret: "DeriveSharedSecret";
+    readonly Encrypt: "Encrypt";
+    readonly GenerateDataKey: "GenerateDataKey";
+    readonly GenerateDataKeyPair: "GenerateDataKeyPair";
+    readonly GenerateDataKeyPairWithoutPlaintext: "GenerateDataKeyPairWithoutPlaintext";
+    readonly GenerateDataKeyWithoutPlaintext: "GenerateDataKeyWithoutPlaintext";
+    readonly GenerateMac: "GenerateMac";
+    readonly ReEncrypt: "ReEncrypt";
+    readonly Sign: "Sign";
+    readonly Verify: "Verify";
+    readonly VerifyMac: "VerifyMac";
+};
+/**
+ * @public
+ */
+export type KeyLastUsageTrackingOperation = (typeof KeyLastUsageTrackingOperation)[keyof typeof KeyLastUsageTrackingOperation];
 /**
  * @public
  * @enum

package/dist-types/models/errors.d.ts

@@ -240,8 +240,10 @@ export declare class ConflictException extends __BaseException {
  *             </li>
  *             <li>
  *                <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
- *           disconnected. This operation is valid only when the custom key store
- *             <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
+ *           disconnected. <code>UpdateCustomKeyStore</code> can be called on a custom key store in the
+ *             <code>CONNECTED</code> state only to update <code>NewCustomKeyStoreName</code>.
+ *             For all other properties, the custom key store
+ *             <code>ConnectionState</code> must be <code>DISCONNECTED</code>.</p>
  *             </li>
  *             <li>
  *                <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store

package/dist-types/models/models_0.d.ts

@@ -1,4 +1,4 @@
-import type { AlgorithmSpec, ConnectionErrorCodeType, ConnectionStateType, CustomerMasterKeySpec, CustomKeyStoreType, DataKeyPairSpec, DataKeySpec, DryRunModifierType, EncryptionAlgorithmSpec, ExpirationModelType, GrantOperation, ImportState, ImportType, IncludeKeyMaterial, KeyAgreementAlgorithmSpec, KeyEncryptionMechanism, KeyManagerType, KeyMaterialState, KeySpec, KeyState, KeyUsageType, MacAlgorithmSpec, MessageType, MultiRegionKeyType, OriginType, RotationType, SigningAlgorithmSpec, WrappingKeySpec, XksProxyConnectivityType } from "./enums";
+import type { AlgorithmSpec, ConnectionErrorCodeType, ConnectionStateType, CustomerMasterKeySpec, CustomKeyStoreType, DataKeyPairSpec, DataKeySpec, DryRunModifierType, EncryptionAlgorithmSpec, ExpirationModelType, GrantOperation, ImportState, ImportType, IncludeKeyMaterial, KeyAgreementAlgorithmSpec, KeyEncryptionMechanism, KeyLastUsageTrackingOperation, KeyManagerType, KeyMaterialState, KeySpec, KeyState, KeyUsageType, MacAlgorithmSpec, MessageType, MultiRegionKeyType, OriginType, RotationType, SigningAlgorithmSpec, WrappingKeySpec, XksProxyConnectivityType } from "./enums";
 /**
  * <p>Contains information about an alias.</p>
  * @public
@@ -1570,7 +1570,7 @@ export interface DecryptRequest {
      *       key or when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that
      *       it adds to the symmetric ciphertext blob. However, it is always recommended as a best
      *       practice. This practice ensures that you use the KMS key that you intend.</p>
-     *          <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
+     *          <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you should use the key ARN or alias ARN.</p>
      *          <p>For example:</p>
      *          <ul>
      *             <li>
@@ -2793,6 +2793,89 @@ export interface GenerateRandomResponse {
      */
     CiphertextForRecipient?: Uint8Array | undefined;
 }
+/**
+ * @public
+ */
+export interface GetKeyLastUsageRequest {
+    /**
+     * <p>Identifies the KMS key to get usage information for. To specify a KMS key, use its key ID
+     *       or key ARN. Alias names are not supported.</p>
+     *          <p>Specify the key ID or key ARN of the KMS key.</p>
+     *          <p>For example:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code>
+     *                </p>
+     *             </li>
+     *          </ul>
+     *          <p>To get the key ID and key ARN for a KMS key, use <a>ListKeys</a> or <a>DescribeKey</a>.</p>
+     * @public
+     */
+    KeyId: string | undefined;
+}
+/**
+ * <p>Contains usage information about the last time the KMS key was used for a successful cryptographic
+ *       operation.</p>
+ * @public
+ */
+export interface KeyLastUsageData {
+    /**
+     * <p>The last successful cryptographic operation the KMS key was used for. Absent if the key has not been
+     *       used since KMS began tracking.</p>
+     * @public
+     */
+    Operation?: KeyLastUsageTrackingOperation | undefined;
+    /**
+     * <p>The date and time when the KMS key was most recently used for a successful cryptographic
+     *       operation. Absent if the key has not been used since KMS began tracking.</p>
+     * @public
+     */
+    Timestamp?: Date | undefined;
+    /**
+     * <p>The CloudTrail <code>eventId</code> associated with the last successful cryptographic operation.
+     *       Absent if the key has not been used since KMS began tracking.</p>
+     * @public
+     */
+    CloudTrailEventId?: string | undefined;
+    /**
+     * <p>The KMS request ID associated with the last successful cryptographic operation. Absent if the key
+     *       has not been used since KMS began tracking.</p>
+     * @public
+     */
+    KmsRequestId?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetKeyLastUsageResponse {
+    /**
+     * <p>The globally unique identifier for the KMS key.</p>
+     * @public
+     */
+    KeyId?: string | undefined;
+    /**
+     * <p>Contains usage information about the last time the KMS key was used for a successful cryptographic
+     *       operation. If the key has not been used since tracking began, this response element is
+     *       empty.</p>
+     * @public
+     */
+    KeyLastUsage?: KeyLastUsageData | undefined;
+    /**
+     * <p>The date from which KMS began recording cryptographic activity for this key, or the date
+     *       the KMS key was created, whichever is later.</p>
+     * @public
+     */
+    TrackingStartDate?: Date | undefined;
+    /**
+     * <p>The date and time when the KMS key was created.</p>
+     * @public
+     */
+    KeyCreationDate?: Date | undefined;
+}
 /**
  * @public
  */
@@ -3943,7 +4026,7 @@ export interface ReEncryptRequest {
      *       <code>IGNORE_CIPHERTEXT</code>. If you used a symmetric encryption KMS key, KMS can get the KMS key
      *       from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best
      *       practice. This practice ensures that you use the KMS key that you intend.</p>
-     *          <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
+     *          <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you should use the key ARN or alias ARN.</p>
      *          <p>For example:</p>
      *          <ul>
      *             <li>
@@ -4507,6 +4590,12 @@ export interface SignRequest {
      *                </p>
      *             </li>
      *          </ul>
+     *          <important>
+     *             <p>When you specify the ED25519_PH_SHA_512 signing algorithm with <code>MessageType:DIGEST</code>, KMS
+     *       still performs the SHA-512 prehash described in <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf#page=39">Step 1
+     *       of Section 7.8.1 in FIPS 186-5</a>. This means the input is hashed twice: once by you and once by KMS.
+     *       </p>
+     *          </important>
      *          <p>When the value of <code>MessageType</code> is <code>DIGEST</code>, the length of the
      *         <code>Message</code> value must match the length of hashed messages for the specified
      *       signing algorithm.</p>
@@ -4713,8 +4802,7 @@ export interface UpdateCustomKeyStoreRequest {
      *          <important>
      *             <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
      *          </important>
-     *          <p>To change this value, an CloudHSM key store must be disconnected. An external key store can
-     *       be connected or disconnected.</p>
+     *          <p>To change this value, the custom key store can be connected or disconnected.</p>
      * @public
      */
     NewCustomKeyStoreName?: string | undefined;
@@ -4958,6 +5046,12 @@ export interface VerifyRequest {
      *                </p>
      *             </li>
      *          </ul>
+     *          <important>
+     *             <p>When you specify the ED25519_PH_SHA_512 signing algorithm with <code>MessageType:DIGEST</code>, KMS
+     *       still performs the SHA-512 prehash described in <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf#page=39">Step 1
+     *       of Section 7.8.1 in FIPS 186-5</a>. This means the input is hashed twice: once by you and once by KMS.
+     *       </p>
+     *          </important>
      *          <p>When the value of <code>MessageType</code> is <code>DIGEST</code>, the length of the
      *         <code>Message</code> value must match the length of hashed messages for the specified
      *       signing algorithm.</p>

package/dist-types/schemas/schemas_0.d.ts

@@ -101,6 +101,8 @@ export declare var GenerateMacRequest$: StaticStructureSchema;
 export declare var GenerateMacResponse$: StaticStructureSchema;
 export declare var GenerateRandomRequest$: StaticStructureSchema;
 export declare var GenerateRandomResponse$: StaticStructureSchema;
+export declare var GetKeyLastUsageRequest$: StaticStructureSchema;
+export declare var GetKeyLastUsageResponse$: StaticStructureSchema;
 export declare var GetKeyPolicyRequest$: StaticStructureSchema;
 export declare var GetKeyPolicyResponse$: StaticStructureSchema;
 export declare var GetKeyRotationStatusRequest$: StaticStructureSchema;
@@ -113,6 +115,7 @@ export declare var GrantConstraints$: StaticStructureSchema;
 export declare var GrantListEntry$: StaticStructureSchema;
 export declare var ImportKeyMaterialRequest$: StaticStructureSchema;
 export declare var ImportKeyMaterialResponse$: StaticStructureSchema;
+export declare var KeyLastUsageData$: StaticStructureSchema;
 export declare var KeyListEntry$: StaticStructureSchema;
 export declare var KeyMetadata$: StaticStructureSchema;
 export declare var ListAliasesRequest$: StaticStructureSchema;
@@ -185,6 +188,7 @@ export declare var GenerateDataKeyPairWithoutPlaintext$: StaticOperationSchema;
 export declare var GenerateDataKeyWithoutPlaintext$: StaticOperationSchema;
 export declare var GenerateMac$: StaticOperationSchema;
 export declare var GenerateRandom$: StaticOperationSchema;
+export declare var GetKeyLastUsage$: StaticOperationSchema;
 export declare var GetKeyPolicy$: StaticOperationSchema;
 export declare var GetKeyRotationStatus$: StaticOperationSchema;
 export declare var GetParametersForImport$: StaticOperationSchema;

package/dist-types/ts3.4/KMS.d.ts

@@ -103,6 +103,10 @@ import {
   GenerateRandomCommandInput,
   GenerateRandomCommandOutput,
 } from "./commands/GenerateRandomCommand";
+import {
+  GetKeyLastUsageCommandInput,
+  GetKeyLastUsageCommandOutput,
+} from "./commands/GetKeyLastUsageCommand";
 import {
   GetKeyPolicyCommandInput,
   GetKeyPolicyCommandOutput,
@@ -549,6 +553,19 @@ export interface KMS {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: GenerateRandomCommandOutput) => void
   ): void;
+  getKeyLastUsage(
+    args: GetKeyLastUsageCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetKeyLastUsageCommandOutput>;
+  getKeyLastUsage(
+    args: GetKeyLastUsageCommandInput,
+    cb: (err: any, data?: GetKeyLastUsageCommandOutput) => void
+  ): void;
+  getKeyLastUsage(
+    args: GetKeyLastUsageCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetKeyLastUsageCommandOutput) => void
+  ): void;
   getKeyPolicy(
     args: GetKeyPolicyCommandInput,
     options?: __HttpHandlerOptions

package/dist-types/ts3.4/KMSClient.d.ts

@@ -144,6 +144,10 @@ import {
   GenerateRandomCommandInput,
   GenerateRandomCommandOutput,
 } from "./commands/GenerateRandomCommand";
+import {
+  GetKeyLastUsageCommandInput,
+  GetKeyLastUsageCommandOutput,
+} from "./commands/GetKeyLastUsageCommand";
 import {
   GetKeyPolicyCommandInput,
   GetKeyPolicyCommandOutput,
@@ -286,6 +290,7 @@ export type ServiceInputTypes =
   | GenerateDataKeyWithoutPlaintextCommandInput
   | GenerateMacCommandInput
   | GenerateRandomCommandInput
+  | GetKeyLastUsageCommandInput
   | GetKeyPolicyCommandInput
   | GetKeyRotationStatusCommandInput
   | GetParametersForImportCommandInput
@@ -340,6 +345,7 @@ export type ServiceOutputTypes =
   | GenerateDataKeyWithoutPlaintextCommandOutput
   | GenerateMacCommandOutput
   | GenerateRandomCommandOutput
+  | GetKeyLastUsageCommandOutput
   | GetKeyPolicyCommandOutput
   | GetKeyRotationStatusCommandOutput
   | GetParametersForImportCommandOutput

package/dist-types/ts3.4/commands/GetKeyLastUsageCommand.d.ts

@@ -0,0 +1,50 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import {
+  KMSClientResolvedConfig,
+  ServiceInputTypes,
+  ServiceOutputTypes,
+} from "../KMSClient";
+import {
+  GetKeyLastUsageRequest,
+  GetKeyLastUsageResponse,
+} from "../models/models_0";
+export { __MetadataBearer };
+export { $Command };
+export interface GetKeyLastUsageCommandInput extends GetKeyLastUsageRequest {}
+export interface GetKeyLastUsageCommandOutput
+  extends GetKeyLastUsageResponse,
+    __MetadataBearer {}
+declare const GetKeyLastUsageCommand_base: {
+  new (
+    input: GetKeyLastUsageCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    GetKeyLastUsageCommandInput,
+    GetKeyLastUsageCommandOutput,
+    KMSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  new (
+    input: GetKeyLastUsageCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    GetKeyLastUsageCommandInput,
+    GetKeyLastUsageCommandOutput,
+    KMSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+export declare class GetKeyLastUsageCommand extends GetKeyLastUsageCommand_base {
+  protected static __types: {
+    api: {
+      input: GetKeyLastUsageRequest;
+      output: GetKeyLastUsageResponse;
+    };
+    sdk: {
+      input: GetKeyLastUsageCommandInput;
+      output: GetKeyLastUsageCommandOutput;
+    };
+  };
+}

package/dist-types/ts3.4/commands/index.d.ts

@@ -23,6 +23,7 @@ export * from "./GenerateDataKeyPairWithoutPlaintextCommand";
 export * from "./GenerateDataKeyWithoutPlaintextCommand";
 export * from "./GenerateMacCommand";
 export * from "./GenerateRandomCommand";
+export * from "./GetKeyLastUsageCommand";
 export * from "./GetKeyPolicyCommand";
 export * from "./GetKeyRotationStatusCommand";
 export * from "./GetParametersForImportCommand";

package/dist-types/ts3.4/models/enums.d.ts

@@ -217,6 +217,22 @@ export declare const KeyEncryptionMechanism: {
 };
 export type KeyEncryptionMechanism =
   (typeof KeyEncryptionMechanism)[keyof typeof KeyEncryptionMechanism];
+export declare const KeyLastUsageTrackingOperation: {
+  readonly Decrypt: "Decrypt";
+  readonly DeriveSharedSecret: "DeriveSharedSecret";
+  readonly Encrypt: "Encrypt";
+  readonly GenerateDataKey: "GenerateDataKey";
+  readonly GenerateDataKeyPair: "GenerateDataKeyPair";
+  readonly GenerateDataKeyPairWithoutPlaintext: "GenerateDataKeyPairWithoutPlaintext";
+  readonly GenerateDataKeyWithoutPlaintext: "GenerateDataKeyWithoutPlaintext";
+  readonly GenerateMac: "GenerateMac";
+  readonly ReEncrypt: "ReEncrypt";
+  readonly Sign: "Sign";
+  readonly Verify: "Verify";
+  readonly VerifyMac: "VerifyMac";
+};
+export type KeyLastUsageTrackingOperation =
+  (typeof KeyLastUsageTrackingOperation)[keyof typeof KeyLastUsageTrackingOperation];
 export declare const WrappingKeySpec: {
   readonly RSA_2048: "RSA_2048";
   readonly RSA_3072: "RSA_3072";

package/dist-types/ts3.4/models/models_0.d.ts

@@ -15,6 +15,7 @@ import {
   IncludeKeyMaterial,
   KeyAgreementAlgorithmSpec,
   KeyEncryptionMechanism,
+  KeyLastUsageTrackingOperation,
   KeyManagerType,
   KeyMaterialState,
   KeySpec,
@@ -349,6 +350,21 @@ export interface GenerateRandomResponse {
   Plaintext?: Uint8Array | undefined;
   CiphertextForRecipient?: Uint8Array | undefined;
 }
+export interface GetKeyLastUsageRequest {
+  KeyId: string | undefined;
+}
+export interface KeyLastUsageData {
+  Operation?: KeyLastUsageTrackingOperation | undefined;
+  Timestamp?: Date | undefined;
+  CloudTrailEventId?: string | undefined;
+  KmsRequestId?: string | undefined;
+}
+export interface GetKeyLastUsageResponse {
+  KeyId?: string | undefined;
+  KeyLastUsage?: KeyLastUsageData | undefined;
+  TrackingStartDate?: Date | undefined;
+  KeyCreationDate?: Date | undefined;
+}
 export interface GetKeyPolicyRequest {
   KeyId: string | undefined;
   PolicyName?: string | undefined;

package/dist-types/ts3.4/schemas/schemas_0.d.ts

@@ -100,6 +100,8 @@ export declare var GenerateMacRequest$: StaticStructureSchema;
 export declare var GenerateMacResponse$: StaticStructureSchema;
 export declare var GenerateRandomRequest$: StaticStructureSchema;
 export declare var GenerateRandomResponse$: StaticStructureSchema;
+export declare var GetKeyLastUsageRequest$: StaticStructureSchema;
+export declare var GetKeyLastUsageResponse$: StaticStructureSchema;
 export declare var GetKeyPolicyRequest$: StaticStructureSchema;
 export declare var GetKeyPolicyResponse$: StaticStructureSchema;
 export declare var GetKeyRotationStatusRequest$: StaticStructureSchema;
@@ -112,6 +114,7 @@ export declare var GrantConstraints$: StaticStructureSchema;
 export declare var GrantListEntry$: StaticStructureSchema;
 export declare var ImportKeyMaterialRequest$: StaticStructureSchema;
 export declare var ImportKeyMaterialResponse$: StaticStructureSchema;
+export declare var KeyLastUsageData$: StaticStructureSchema;
 export declare var KeyListEntry$: StaticStructureSchema;
 export declare var KeyMetadata$: StaticStructureSchema;
 export declare var ListAliasesRequest$: StaticStructureSchema;
@@ -184,6 +187,7 @@ export declare var GenerateDataKeyPairWithoutPlaintext$: StaticOperationSchema;
 export declare var GenerateDataKeyWithoutPlaintext$: StaticOperationSchema;
 export declare var GenerateMac$: StaticOperationSchema;
 export declare var GenerateRandom$: StaticOperationSchema;
+export declare var GetKeyLastUsage$: StaticOperationSchema;
 export declare var GetKeyPolicy$: StaticOperationSchema;
 export declare var GetKeyRotationStatus$: StaticOperationSchema;
 export declare var GetParametersForImport$: StaticOperationSchema;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-kms",
   "description": "AWS SDK for JavaScript Kms Client for Node.js, Browser and React Native",
-  "version": "3.1037.0",
+  "version": "3.1039.0",
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
     "build:cjs": "node ../../scripts/compilation/inline client-kms",
@@ -23,17 +23,17 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "^3.974.5",
-    "@aws-sdk/credential-provider-node": "^3.972.36",
+    "@aws-sdk/core": "^3.974.7",
+    "@aws-sdk/credential-provider-node": "^3.972.38",
     "@aws-sdk/middleware-host-header": "^3.972.10",
     "@aws-sdk/middleware-logger": "^3.972.10",
     "@aws-sdk/middleware-recursion-detection": "^3.972.11",
-    "@aws-sdk/middleware-user-agent": "^3.972.35",
+    "@aws-sdk/middleware-user-agent": "^3.972.37",
     "@aws-sdk/region-config-resolver": "^3.972.13",
     "@aws-sdk/types": "^3.973.8",
     "@aws-sdk/util-endpoints": "^3.996.8",
     "@aws-sdk/util-user-agent-browser": "^3.972.10",
-    "@aws-sdk/util-user-agent-node": "^3.973.21",
+    "@aws-sdk/util-user-agent-node": "^3.973.23",
     "@smithy/config-resolver": "^4.4.17",
     "@smithy/core": "^3.23.17",
     "@smithy/fetch-http-handler": "^5.3.17",
@@ -41,7 +41,7 @@
     "@smithy/invalid-dependency": "^4.2.14",
     "@smithy/middleware-content-length": "^4.2.14",
     "@smithy/middleware-endpoint": "^4.4.32",
-    "@smithy/middleware-retry": "^4.5.5",
+    "@smithy/middleware-retry": "^4.5.7",
     "@smithy/middleware-serde": "^4.2.20",
     "@smithy/middleware-stack": "^4.2.14",
     "@smithy/node-config-provider": "^4.3.14",
@@ -57,7 +57,7 @@
     "@smithy/util-defaults-mode-node": "^4.2.54",
     "@smithy/util-endpoints": "^3.4.2",
     "@smithy/util-middleware": "^4.2.14",
-    "@smithy/util-retry": "^4.3.4",
+    "@smithy/util-retry": "^4.3.6",
     "@smithy/util-utf8": "^4.2.2",
     "tslib": "^2.6.2"
   },