In practice, when would you need CloudHSM?

Typically, reasons for using CloudHSM are related to compliance. KMS operates in shared hardware tenancy, like most AWS services. This means different customers are separated only virtually from each other. Regulation might require you to handle keys on a dedicated piece of hardware. In this case KMS alone would not be sufficient, and you would need to CloudHSM.