A Developer is storing sensitive documents in Amazon S3 that will require encryption at rest. The encryption keys must be rotated annually, at least.
What is the easiest way to achieve this?
A. Encrypt the data before sending it to Amazon S3
B. Import a custom key into AWS KMS with annual rotation enabled
C. Use AWS KMS with automatic key rotation
D. Export a key from AWS KMS to encrypt the data
